
1   package org.eclipse.jetty.security;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at 
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.opensource.org/licenses/apache2.0.php
14  //
15  //You may elect to redistribute this code under either of these licenses. 
16  //========================================================================
17  
import java.io.InputStream;
import java.util.Collections;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.http.security.B64Code;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.resource.Resource;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
34  
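/**
 * {@link LoginService} that authenticates a client from a single SPNEGO token.
 * <p>
 * The credential handed to {@link #login(String, Object)} must be the base64 text of
 * the GSS token sent by the client. It is accepted against the server credential whose
 * principal name is read from the {@code targetName} property of the properties file
 * named by {@link #setConfig(String)}. The realm part of the authenticated client
 * principal (everything after {@code '@'}) becomes the user's single role.
 * <p>
 * {@code name} and {@code config} may only be changed while the service is stopped;
 * {@code login} reads configuration but writes no per-user state.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    /** Builds the {@link UserIdentity} returned by {@link #login}; must be set before any login. */
    protected IdentityService _identityService;
    /** Service name reported by {@link #getName()}. */
    protected String _name;
    /** Location of the properties file that supplies {@code targetName}. */
    private String _config;

    /** Principal name of the acceptor credential, read from the config at start. */
    private String _targetName;

    public SpnegoLoginService()
    {
    }

    /**
     * @param name the service name
     */
    public SpnegoLoginService(String name)
    {
        setName(name);
    }

    /**
     * @param name   the service name
     * @param config location of the properties file holding {@code targetName}
     */
    public SpnegoLoginService(String name, String config)
    {
        setName(name);
        setConfig(config);
    }

    public String getName()
    {
        return _name;
    }

    /**
     * @param name the service name
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }
        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * @param config location of the properties file, resolved with {@link Resource#newResource(String)}
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }
        _config = config;
    }

    /**
     * Loads {@code targetName} from the configured properties file.
     *
     * @throws IllegalStateException if no config is set or it lacks {@code targetName}
     * @throws Exception             if the config cannot be read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set");
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        try
        {
            properties.load(in);
        }
        finally
        {
            // Properties.load() does not close its stream; close it here so a start
            // failure cannot leave the config file handle open.
            in.close();
        }

        _targetName = properties.getProperty("targetName");
        if (_targetName == null)
        {
            // Fail at start rather than on every login: the target name is the only
            // input that selects the acceptor credential.
            throw new IllegalStateException("targetName missing in " + _config);
        }

        Log.debug("\n\nTarget Name\n\n" + _targetName);

        super.doStart();
    }

    /**
     * Accepts one SPNEGO token and, if it establishes a security context, returns the
     * identity of the client principal with its realm as the single role.
     *
     * @param username    unused; the token carries the client identity
     * @param credentials the base64-encoded token as a {@link String}
     * @return the authenticated identity, or {@code null} when the credential is not a
     *         string, the token does not establish a context in one round, or the
     *         GSS layer rejects it
     */
    public UserIdentity login(String username, Object credentials)
    {
        // Anything other than the token text (null, a password object, ...) cannot be
        // negotiated and is rejected without touching the GSS layer.
        if (!(credentials instanceof String))
        {
            Log.debug("SpnegoUserRealm: credentials are not a base64 token");
            return null;
        }
        byte[] authToken = B64Code.decode((String)credentials);

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            // 1.3.6.1.5.5.2 is the SPNEGO mechanism OID, see
            // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
            Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                Log.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // One request carries one token, so the context must be established by this
            // single call. If the mechanism needs another leg, the output token would have
            // to reach the client first; a token this acceptor produced itself is not a
            // valid input for it, so looping here can only fail (or NPE on a null token).
            authToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            if (!gContext.isEstablished())
            {
                Log.debug("SpnegoUserRealm: context not established after one token");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            // The realm doubles as the only role. A principal without '@' yields the whole
            // name as the role, because indexOf() returns -1 and -1 + 1 == 0.
            String role = clientName.substring(clientName.indexOf('@') + 1);

            Log.debug("SpnegoUserRealm: established a security context");
            Log.debug("Client Principal is: " + gContext.getSrcName());
            Log.debug("Server Principal is: " + gContext.getTargName());
            Log.debug("Client Default Role: " + role);

            // authToken now holds whatever acceptSecContext returned for the client
            // (may be null when the mechanism has nothing to send back).
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, authToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            // Normally a token that fails to verify; logged, and the login is refused.
            Log.warn(gsse);
        }
        finally
        {
            // Neither object is reused across logins; release them now instead of
            // waiting for garbage collection.
            dispose(gContext, serverCreds);
        }

        return null;
    }

    /**
     * Disposes a context and a credential, tolerating nulls and failures: by the time
     * this runs the login outcome is already decided.
     */
    private static void dispose(GSSContext context, GSSCredential credential)
    {
        if (context != null)
        {
            try
            {
                context.dispose();
            }
            catch (GSSException e)
            {
                Log.ignore(e);
            }
        }
        if (credential != null)
        {
            try
            {
                credential.dispose();
            }
            catch (GSSException e)
            {
                Log.ignore(e);
            }
        }
    }

    /**
     * Always {@code false}: this service keeps no per-user state it could check an
     * identity against. Presumably the caller then authenticates the request afresh;
     * confirm against the caller's handling of this result.
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    /**
     * @param service the service used to build identities in {@link #login}
     */
    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /**
     * No-op: no per-user state is held, so there is nothing to release.
     */
    public void logout(UserIdentity user)
    {
    }

}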