RestAPI Plugin - Provide the possibility to use Custom Auth Filter

Now switchoff betweeen the authentication systems seems to work as intended

RestAPI Plugin - Provide the possibility to use Custom Auth Filter
Now switchoff betweeen the authentication systems seems to work as intended
ce10f45a · Francesco Scoccia · 23283f5d · ce10f45a · ce10f45a · ce10f45a
Commit ce10f45a authored Nov 11, 2015 by Francesco Scoccia
3 changed files
--- a/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/RESTServicePlugin.java
+++ b/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/RESTServicePlugin.java
@@ -202,6 +202,13 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 		return JerseyWrapper.getLoadingStatusMessage();
 	}
+	/**
+	 * Reloads the Jersey wrapper.
+	 */
+	public String loadAuthenticationFilter(String customAuthFilterClassName) {
+		return JerseyWrapper.tryLoadingAuthenticationFilter(customAuthFilterClassName);
+	}
 	/**
 	 * Returns the secret key that only valid requests should know.
 	 *

--- a/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/service/JerseyWrapper.java
+++ b/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/service/JerseyWrapper.java
@@ -68,29 +68,13 @@ public class JerseyWrapper extends ServletContainer {
 	private static String loadingStatusMessage = null;
 	static {
-		// Check if custom AuthFilter is available
-		String customAuthFilterClassName = JiveGlobals.getProperty(CUSTOM_AUTH_PROPERTY_NAME);
-		String restAuthType = JiveGlobals.getProperty(REST_AUTH_TYPE);
-		String pickedAuthFilter = AUTHFILTER;
-		try {
-			if(customAuthFilterClassName != null && "custom".equals(restAuthType)) {
-				Class.forName(customAuthFilterClassName, false, JerseyWrapper.class.getClassLoader());
-				pickedAuthFilter = customAuthFilterClassName;
-				loadingStatusMessage = null;
-			}
-		} catch (ClassNotFoundException e) {
-			loadingStatusMessage = "No custom auth filter found for restAPI plugin!";
-        }
 		JERSEY_LOGGER.setLevel(Level.SEVERE);
 		config = new HashMap<String, Object>();
 		config.put(RESOURCE_CONFIG_CLASS_KEY, RESOURCE_CONFIG_CLASS);
 		prc = new PackagesResourceConfig(SCAN_PACKAGE_DEFAULT);
 		prc.setPropertiesAndFeatures(config);		
-		prc.getProperties().put(CONTAINER_REQUEST_FILTERS, pickedAuthFilter);
 		prc.getProperties().put(CONTAINER_RESPONSE_FILTERS, CORSFILTER);
+		loadAuthenticationFilter();
 		prc.getClasses().add(RestAPIService.class);
@@ -115,6 +99,43 @@ public class JerseyWrapper extends ServletContainer {
 		prc.getClasses().add(RESTExceptionMapper.class);
 	}
+	public static String tryLoadingAuthenticationFilter(String customAuthFilterClassName) {
+		try {
+			if(customAuthFilterClassName != null) {
+				Class.forName(customAuthFilterClassName, false, JerseyWrapper.class.getClassLoader());
+				loadingStatusMessage = null;
+			}
+		} catch (ClassNotFoundException e) {
+			loadingStatusMessage = "No custom auth filter found for restAPI plugin with name " + customAuthFilterClassName;
+        }
+		if(customAuthFilterClassName == null || customAuthFilterClassName.isEmpty())
+			loadingStatusMessage = "Classname field can't be empty!";
+		return loadingStatusMessage;
+	}
+	public static String loadAuthenticationFilter() {
+		// Check if custom AuthFilter is available
+		String customAuthFilterClassName = JiveGlobals.getProperty(CUSTOM_AUTH_PROPERTY_NAME);
+		String restAuthType = JiveGlobals.getProperty(REST_AUTH_TYPE);
+		String pickedAuthFilter = AUTHFILTER;
+		try {
+			if(customAuthFilterClassName != null && "custom".equals(restAuthType)) {
+				Class.forName(customAuthFilterClassName, false, JerseyWrapper.class.getClassLoader());
+				pickedAuthFilter = customAuthFilterClassName;
+				loadingStatusMessage = null;
+			}
+		} catch (ClassNotFoundException e) {
+			loadingStatusMessage = "No custom auth filter found for restAPI plugin! " + customAuthFilterClassName + " " + restAuthType;
+        }
+		prc.getProperties().put(CONTAINER_REQUEST_FILTERS, pickedAuthFilter);	
+		return loadingStatusMessage;
+	}
 	/**
 	 * Instantiates a new jersey wrapper.
 	 */
@@ -129,6 +150,7 @@ public class JerseyWrapper extends ServletContainer {
 	 */
 	@Override
 	public void init(ServletConfig servletConfig) throws ServletException {
+		loadAuthenticationFilter();
 		super.init(servletConfig);
 		// Exclude this servlet from requering the user to login
 		AuthCheckFilter.addExclude(SERVLET_URL);

--- a/src/plugins/restAPI/src/web/rest-api.jsp
+++ b/src/plugins/restAPI/src/web/rest-api.jsp
 <%@ page
 	import="java.util.*,
-                 org.jivesoftware.openfire.XMPPServer,
+                org.jivesoftware.openfire.XMPPServer,
-                 org.jivesoftware.util.*,org.jivesoftware.openfire.plugin.rest.RESTServicePlugin"
+                org.jivesoftware.util.*,org.jivesoftware.openfire.plugin.rest.RESTServicePlugin,
+				org.jivesoftware.openfire.container.Plugin,
+                org.jivesoftware.openfire.container.PluginManager"
 	errorPage="error.jsp"%>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
@@ -26,23 +28,39 @@
 	String loadingStatus = null;
+	final PluginManager pluginManager = admin.getXMPPServer().getPluginManager();
 	RESTServicePlugin plugin = (RESTServicePlugin) XMPPServer.getInstance().getPluginManager()
 			.getPlugin("restapi");
 	// Handle a save
 	Map errors = new HashMap();
 	if (save) {
-		loadingStatus = plugin.getLoadingStatusMessage();
+		if("custom".equals(httpAuth)) {
+			loadingStatus = plugin.loadAuthenticationFilter(customAuthFilterClassName);
+		}
 		if (loadingStatus != null) {
            errors.put("loadingStatus", loadingStatus);
 		}
 		if (errors.size() == 0) {
+			boolean is2Reload = "custom".equals(httpAuth) || "custom".equals(plugin.getHttpAuth());
 			plugin.setEnabled(enabled);
 			plugin.setSecret(secret);
 			plugin.setHttpAuth(httpAuth);
 			plugin.setAllowedIPs(StringUtils.stringToCollection(allowedIPs));
 			plugin.setCustomAuthFiIterClassName(customAuthFilterClassName);
+			if(is2Reload) {
+				String pluginName  = pluginManager.getName(plugin);
+				String pluginDir = pluginManager.getPluginDirectory(plugin).getName();
+				pluginManager.unloadPlugin(pluginDir);
+				// Log the event
+				admin.logEvent("reloaded plugin "+ pluginName, null);
+				response.sendRedirect("/plugin-admin.jsp?reloadsuccess=true");
+            }
 			response.sendRedirect("rest-api.jsp?success=true");
 			return;
 		}
@@ -147,12 +165,13 @@
 					<input type="radio" name="authtype" value="custom"
 						id="customFilterAuth" <%=("custom".equals(httpAuth) ? "checked" : "")%>>
 					<label for="secretKeyAuth">Custom authentication filter classname - REST API
-						authentication delegates to a custom filter implemented in some other plugin.</label>
+						authentication delegates to a custom filter implemented in some other plugin.
-					<br>
+					</label>
+					<div style="margin-left: 20px; margin-top: 5px;"><strong>Note: changing back and forth from custom authentication filter forces the REST API plugin reloading</strong></div>
 					<label style="padding-left: 25px" for="text_secret">Filter 
 						classname:</label>
-					<input type="text" name="customAuthFilterClassName" value="<%=customAuthFilterClassName%>"
+					<input type="text" name="customAuthFilterClassName" value="<%= customAuthFilterClassName %>"
-						id="custom_auth_filter_class_name">
+						id="custom_auth_filter_class_name" style="width:70%;padding:4px;">
 					<br>
 					<br>