
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.jaspi;
15  
16  import java.security.Principal;
17  import java.util.HashMap;
18  import java.util.List;
19  import java.util.Map;
20  import java.util.Set;
21  
22  import javax.security.auth.Subject;
23  import javax.security.auth.message.AuthException;
24  import javax.security.auth.message.config.AuthConfigFactory;
25  import javax.security.auth.message.config.AuthConfigProvider;
26  import javax.security.auth.message.config.RegistrationListener;
27  import javax.security.auth.message.config.ServerAuthConfig;
28  import javax.servlet.ServletContext;
29  
30  import org.eclipse.jetty.security.Authenticator;
31  import org.eclipse.jetty.security.DefaultAuthenticatorFactory;
32  import org.eclipse.jetty.security.IdentityService;
33  import org.eclipse.jetty.security.LoginService;
34  import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
35  import org.eclipse.jetty.server.Server;
36  import org.eclipse.jetty.util.log.Log;
37  
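/**
 * Authenticator factory that builds a {@link JaspiAuthenticator} from the
 * JASPI {@link AuthConfigFactory} registration for a web application.
 * <p>
 * The registration is looked up under the {@code "HTTP"} message layer and an
 * application context string of the form
 * {@code serverName + " " + contextPath}. The server name and the service
 * {@link Subject} can be set explicitly; otherwise they are discovered by
 * {@link #findServerName(Server, Subject)} and
 * {@link #findServiceSubject(Server)}.
 * <p>
 * Setting both explicitly keeps the application context string, and therefore
 * the selected JASPI configuration, independent of bean and principal ordering.
 */
public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
{
    /** Message layer name used for both the provider and the server-config lookup. */
    private static final String MESSAGE_LAYER = "HTTP";

    private Subject _serviceSubject;
    private String _serverName;


    /* ------------------------------------------------------------ */
    /**
     * @return the explicitly configured service subject, or null if none was set
     */
    public Subject getServiceSubject()
    {
        return _serviceSubject;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param serviceSubject the service subject to hand to the authenticator;
     * when set it takes precedence over any Subject bean found on the server
     */
    public void setServiceSubject(Subject serviceSubject)
    {
        _serviceSubject = serviceSubject;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the explicitly configured server name, or null if none was set
     */
    public String getServerName()
    {
        return _serverName;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param serverName the server name used as the first part of the JASPI
     * application context string; when set it takes precedence over any
     * principal name taken from the service subject
     */
    public void setServerName(String serverName)
    {
        _serverName = serverName;
    }

    /* ------------------------------------------------------------ */
    /**
     * Create a JASPI backed authenticator for the given context.
     * <p>
     * Returns null in three cases: no {@link AuthConfigProvider} is registered
     * for the layer and application context, the provider supplies no
     * {@link ServerAuthConfig}, or the lookup throws an {@link AuthException}
     * (which is logged as a warning and not rethrown). This method does not
     * delegate to the superclass in any of those cases.
     * <p>
     * NOTE(review): a null return does not tell the caller whether JASPI is
     * simply not configured or whether the lookup failed. Confirm that the
     * caller refuses to serve a constrained context when it receives null,
     * rather than continuing without an authenticator.
     *
     * @param server the server, used to discover the service subject
     * @param context the servlet context whose context path forms part of the
     * application context string
     * @param configuration source of the init parameters copied into the
     * authenticator's property map
     * @param identityService passed through to the authenticator
     * @param loginService wrapped in the {@link ServletCallbackHandler} given
     * to the JASPI configuration
     * @return the authenticator, or null as described above
     */
    public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
    {
        try
        {
            AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();

            // Intentionally a no-op: this factory does not react to later
            // changes of the provider registration.
            RegistrationListener listener = new RegistrationListener()
            {
                public void notify(String layer, String appContext)
                {}
            };

            Subject serviceSubject = findServiceSubject(server);
            String serverName = findServerName(server, serviceSubject);

            // The lookup key selects which JASPI configuration protects this
            // context, so it must match the registered key exactly.
            String appContext = serverName + " " + context.getContextPath();

            AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
            if (authConfigProvider == null)
                return null;

            ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
            ServerAuthConfig serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, servletCallbackHandler);
            if (serverAuthConfig == null)
                return null;

            // Raw Map kept on purpose: the parameter type of the
            // JaspiAuthenticator constructor is not visible in this file.
            Map map = new HashMap();
            for (String key : configuration.getInitParameterNames())
                map.put(key, configuration.getInitParameter(key));

            // NOTE(review): the literal true is presumably the
            // allow-lazy-authentication flag; confirm against the
            // JaspiAuthenticator constructor.
            return new JaspiAuthenticator(serverAuthConfig, map, servletCallbackHandler,
                        serviceSubject, true, identityService);
        }
        catch (AuthException e)
        {
            // Logged and converted to a null return, see the method Javadoc.
            Log.warn(e);
            return null;
        }
    }

    /* ------------------------------------------------------------ */
    /** Find a service Subject.
     * If {@link #setServiceSubject(Subject)} has not been used to
     * set a subject, then the {@link Server#getBeans(Class)} method is
     * used to look for a Subject and the first one returned is used.
     * <p>
     * NOTE(review): when several Subject beans are registered, which one
     * comes first depends on the order getBeans returns them in; set the
     * subject explicitly if that matters.
     *
     * @param server the server whose beans are searched
     * @return the service subject, or null if none is configured or found
     */
    protected Subject findServiceSubject(Server server)
    {
        if (_serviceSubject != null)
            return _serviceSubject;

        List<?> subjects = server.getBeans(Subject.class);
        if (subjects.isEmpty())
            return null;
        return (Subject)subjects.get(0);
    }

    /* ------------------------------------------------------------ */
    /** Find a server name.
     * If {@link #setServerName(String)} has not been called, then
     * use the name of a principal in the service subject.
     * If not found, return "server".
     * <p>
     * The principal is the first one the Set iterator yields. The Set
     * contract promises no iteration order, so with more than one principal
     * the name, and with it the JASPI application context string, is not
     * guaranteed to be stable. A principal whose name is null is returned
     * as null and is not replaced by "server".
     *
     * @param server the server (not used by this implementation)
     * @param subject the service subject, may be null
     * @return the configured name, else a principal name, else "server"
     */
    protected String findServerName(Server server, Subject subject)
    {
        if (_serverName != null)
            return _serverName;

        if (subject != null)
        {
            Set<Principal> principals = subject.getPrincipals();
            if (principals != null && !principals.isEmpty())
                return principals.iterator().next().getName();
        }

        return "server";
    }
}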