1 package org.eclipse.jetty.security;
import java.io.InputStream;
import java.util.Collections;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.http.security.B64Code;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.resource.Resource;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
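/**
 * A {@link LoginService} that authenticates clients by accepting a SPNEGO security token.
 *
 * <p>The service is configured from a properties resource (see {@link #setConfig(String)})
 * whose {@code targetName} property names the principal for which the acceptor credential
 * is obtained. {@link #login(String, Object)} expects the base64 encoded token presented by
 * the client as the {@code credentials} argument and, on success, returns a
 * {@link UserIdentity} whose single role is the realm part of the client principal name.</p>
 *
 * <p>Only a single token exchange is supported: if the GSS context is not established after
 * the client's token has been accepted, the login fails. The service must be started before
 * {@link #login(String, Object)} is called.</p>
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    /** Mechanism OID passed when creating the acceptor credential (the SPNEGO OID, RFC 4178). */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Used to build the {@link UserIdentity} returned by a successful login. */
    protected IdentityService _identityService;
    /** Name of this login service (realm name). */
    protected String _name;
    /** Location of the properties resource read in {@link #doStart()}. */
    private String _config;

    /** Principal name read from the {@code targetName} property at start. */
    private String _targetName;

    /** Creates an unnamed, unconfigured service; use the setters before starting it. */
    public SpnegoLoginService()
    {
    }

    /**
     * Creates a named service.
     *
     * @param name the service (realm) name
     */
    public SpnegoLoginService(String name)
    {
        setName(name);
    }

    /**
     * Creates a named service with its configuration resource.
     *
     * @param name the service (realm) name
     * @param config location of the properties resource holding {@code targetName}
     */
    public SpnegoLoginService(String name, String config)
    {
        setName(name);
        setConfig(config);
    }

    /** @return the service (realm) name, or {@code null} if none was set */
    public String getName()
    {
        return _name;
    }

    /**
     * Sets the service (realm) name.
     *
     * @param name the new name
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _name = name;
    }

    /** @return the location of the configuration resource, or {@code null} if none was set */
    public String getConfig()
    {
        return _config;
    }

    /**
     * Sets the location of the properties resource that is read on start.
     *
     * @param config the resource location, in the form accepted by {@link Resource#newResource(String)}
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _config = config;
    }

    /**
     * Loads the configuration resource and records its {@code targetName} property.
     *
     * @throws IllegalStateException if no configuration resource was set or it lacks {@code targetName}
     * @throws Exception if the resource cannot be opened or read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config resource set");
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        try
        {
            properties.load(in);
        }
        finally
        {
            // Properties.load does not close the stream it is given.
            in.close();
        }

        _targetName = properties.getProperty("targetName");
        if (_targetName == null)
        {
            // Without a target name no acceptor credential can be created, so every login
            // would fail later; fail at start instead, where the misconfiguration is visible.
            throw new IllegalStateException("No targetName property in " + _config);
        }

        Log.debug("\n\nTarget Name\n\n" + _targetName);

        super.doStart();
    }

    /**
     * Accepts the client's SPNEGO token and, if a security context is established by that
     * single exchange, builds a {@link UserIdentity} for the client principal.
     *
     * @param username ignored; the identity comes from the token
     * @param credentials the base64 encoded token from the client, as a {@link String}
     * @return the authenticated identity, or {@code null} if the token is missing, malformed,
     *         of the wrong type, or does not establish a security context
     * @throws IllegalStateException if the service has no {@link IdentityService} or has not
     *         been started (no target name)
     */
    public UserIdentity login(String username, Object credentials)
    {
        if (!(credentials instanceof String))
        {
            // Anything other than the base64 String cannot be a token; refuse it rather than
            // let a ClassCastException escape.
            Log.debug("SpnegoUserRealm: credentials are not a String token");
            return null;
        }
        if (_identityService == null)
        {
            throw new IllegalStateException("No IdentityService");
        }
        if (_targetName == null)
        {
            throw new IllegalStateException("Not started: no targetName");
        }

        byte[] authToken;
        try
        {
            authToken = B64Code.decode((String)credentials);
        }
        catch (IllegalArgumentException e)
        {
            // Malformed base64 from the client is an authentication failure, not a server fault.
            Log.debug("SpnegoUserRealm: malformed base64 token");
            return null;
        }
        if (authToken == null || authToken.length == 0)
        {
            Log.debug("SpnegoUserRealm: empty token");
            return null;
        }

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_OID);
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                Log.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // Exactly one acceptSecContext call: there is no channel from here back to the client
            // for a further round trip, so a context that is not established after the client's
            // token has been consumed cannot be completed by this service.
            byte[] replyToken = gContext.acceptSecContext(authToken, 0, authToken.length);

            if (!gContext.isEstablished())
            {
                Log.debug("SpnegoUserRealm: security context not established after one token");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            // Role is the part after '@'; if there is no '@' (indexOf == -1) the whole name is used.
            String role = clientName.substring(clientName.indexOf('@') + 1);

            Log.debug("SpnegoUserRealm: established a security context");
            Log.debug("Client Principal is: " + gContext.getSrcName());
            Log.debug("Server Principal is: " + gContext.getTargName());
            Log.debug("Client Default Role: " + role);

            // The principal carries the acceptor's reply token (may be null when the mechanism
            // produces none), not the client's original token.
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, replyToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            Log.warn(gsse);
        }
        finally
        {
            // Release native/mechanism resources held by the context and credential; neither
            // is referenced by the returned identity.
            dispose(gContext);
            dispose(serverCreds);
        }

        return null;
    }

    /** Disposes a context, ignoring failures; {@code null} is accepted. */
    private static void dispose(GSSContext context)
    {
        if (context == null)
        {
            return;
        }
        try
        {
            context.dispose();
        }
        catch (GSSException e)
        {
            Log.ignore(e);
        }
    }

    /** Disposes a credential, ignoring failures; {@code null} is accepted. */
    private static void dispose(GSSCredential credential)
    {
        if (credential == null)
        {
            return;
        }
        try
        {
            credential.dispose();
        }
        catch (GSSException e)
        {
            Log.ignore(e);
        }
    }

    /**
     * Always returns {@code false}: identities produced by this service are not re-validated
     * here, so callers relying on validation will re-authenticate.
     *
     * @param user the identity to validate (ignored)
     * @return {@code false}
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    /** @return the identity service used to build identities, or {@code null} if none was set */
    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    /**
     * Sets the identity service used by {@link #login(String, Object)}.
     *
     * @param service the identity service
     */
    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /**
     * No-op: this service keeps no per-user state to discard.
     *
     * @param user the identity being logged out (ignored)
     */
    public void logout(UserIdentity user)
    {
    }

}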