
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.jaspi.modules;
15  
16  import java.io.IOException;
17  import java.util.Map;
18  import java.util.Set;
19  
20  import javax.security.auth.Subject;
21  import javax.security.auth.callback.Callback;
22  import javax.security.auth.callback.CallbackHandler;
23  import javax.security.auth.callback.UnsupportedCallbackException;
24  import javax.security.auth.message.AuthException;
25  import javax.security.auth.message.AuthStatus;
26  import javax.security.auth.message.MessageInfo;
27  import javax.security.auth.message.MessagePolicy;
28  import javax.security.auth.message.callback.CallerPrincipalCallback;
29  import javax.security.auth.message.callback.GroupPrincipalCallback;
30  import javax.security.auth.message.config.ServerAuthContext;
31  import javax.security.auth.message.module.ServerAuthModule;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  
35  import org.eclipse.jetty.http.security.Credential;
36  import org.eclipse.jetty.http.security.Password;
37  import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
38  import org.eclipse.jetty.security.jaspi.JaspiMessageInfo;
39  import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
40  import org.eclipse.jetty.util.B64Code;
41  import org.eclipse.jetty.util.StringUtil;
42  
43  /**
44   * @deprecated use *ServerAuthentication
45   * @version $Rev: 4792 $ $Date: 2009-03-18 22:55:52 +0100 (Wed, 18 Mar 2009) $
46   */
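/**
 * Base class for the JASPI server auth modules in this package.
 *
 * <p>It handles the JASPI plumbing that the concrete modules share: it records the
 * {@link CallbackHandler} supplied at construction or via {@link #initialize}, declares
 * the servlet request/response message types it can secure, and provides the two
 * {@code login} helpers that hand credentials to the container through a
 * {@link CredentialValidationCallback} and, on success, publish the caller and group
 * principals via the standard JASPI callbacks.
 *
 * <p>The default {@link #validateRequest} always returns {@link AuthStatus#FAILURE};
 * subclasses are expected to override it. {@link #secureResponse} is a no-op because
 * servlet responses need no securing here.
 *
 * <p>Not thread-safe with respect to {@link #initialize}: {@code callbackHandler} is a
 * plain mutable field with no synchronization.
 *
 * @deprecated use *ServerAuthentication
 * @version $Rev: 4792 $ $Date: 2009-03-18 22:55:52 +0100 (Wed, 18 Mar 2009) $
 */
public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
{
    /** Message types this module accepts; raw {@code Class[]} matches the JASPI interface signature. */
    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[] { HttpServletRequest.class, HttpServletResponse.class };

    /** Option key under which a login service may be passed to a module. */
    protected static final String LOGIN_SERVICE_KEY = "org.eclipse.jetty.security.jaspi.modules.LoginService";

    /** Handler used for every callback; set by the constructor or by {@link #initialize}. */
    protected CallbackHandler callbackHandler;

    /**
     * @return the message types this module can handle: {@link HttpServletRequest} and {@link HttpServletResponse}
     */
    public Class[] getSupportedMessageTypes()
    {
        return SUPPORTED_MESSAGE_TYPES;
    }

    /**
     * Creates a module with no callback handler; {@link #initialize} must supply one
     * before either {@code login} helper is used.
     */
    public BaseAuthModule()
    {
    }

    /**
     * Creates a module using the given callback handler.
     *
     * @param callbackHandler handler the container provides for JASPI callbacks
     */
    public BaseAuthModule(CallbackHandler callbackHandler)
    {
        this.callbackHandler = callbackHandler;
    }

    /**
     * Records the container's callback handler. The policies and options are ignored here.
     *
     * @param requestPolicy ignored
     * @param responsePolicy ignored
     * @param handler handler used for all subsequent callbacks; replaces any handler given at construction
     * @param options ignored
     * @throws AuthException declared by the interface; never thrown by this implementation
     */
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException
    {
        this.callbackHandler = handler;
    }

    /**
     * Does nothing: logout is not implemented for this module.
     *
     * @param messageInfo ignored
     * @param subject ignored
     * @throws AuthException declared by the interface; never thrown by this implementation
     */
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
    {
        // TODO apparently we either get the LoginCallback or the LoginService
        // but not both :-(
        // Set<LoginCallback> loginCallbacks =
        // subject.getPrivateCredentials(LoginCallback.class);
        // if (!loginCallbacks.isEmpty()) {
        // LoginCallback loginCallback = loginCallbacks.iterator().next();
        // }
        // try {
        // loginService.logout(subject);
        // } catch (ServerAuthException e) {
        // throw new AuthException(e.getMessage());
        // }
    }

    /**
     * @param messageInfo ignored
     * @param serviceSubject ignored
     * @return always {@link AuthStatus#SUCCESS}; servlets do not need secured responses
     * @throws AuthException declared by the interface; never thrown by this implementation
     */
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
    {
        // servlets do not need secured responses
        return AuthStatus.SUCCESS;
    }

    /**
     * Default request validation, which rejects everything; subclasses override this.
     *
     * @param messageInfo ignored
     * @param clientSubject ignored
     * @param serviceSubject ignored
     * @return always {@link AuthStatus#FAILURE}
     * @throws AuthException declared by the interface; never thrown by this implementation
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
    {
        return AuthStatus.FAILURE;
    }

    /**
     * Reads the mandatory flag that {@link JaspiMessageInfo} stores in the message map.
     *
     * @param messageInfo message info to examine for mandatory flag
     * @return whether authentication is mandatory or optional; {@code false} when the flag is absent
     */
    protected boolean isMandatory(MessageInfo messageInfo)
    {
        String mandatory = (String) messageInfo.getMap().get(JaspiMessageInfo.MANDATORY_KEY);
        if (mandatory == null) return false;
        // any value other than "true" (case-insensitive) is treated as optional
        return Boolean.parseBoolean(mandatory);
    }

    /**
     * Logs in from a Basic-style credential string of the form {@code "<scheme> <base64(user:password)>"}.
     *
     * <p>The text after the first space is base64-decoded as ISO-8859-1 and split at the
     * first {@code ':'}; everything after that colon is the password, so passwords may
     * themselves contain colons. A credential that is {@code null} or decodes to text
     * without a {@code ':'} is treated as a failed login rather than raising an unchecked
     * {@code StringIndexOutOfBoundsException}, since the value comes straight from the
     * client. Whether {@code B64Code.decode} throws on malformed base64 is not visible
     * here; callers should expect an unchecked exception in that case until confirmed.
     *
     * @param clientSubject subject to populate on success
     * @param credentials raw credential header value, e.g. {@code "Basic dXNlcjpwYXNz"}
     * @param authMethod authentication method name recorded in the message map on success
     * @param messageInfo message info whose map receives the auth method
     * @return {@code true} if the container validated the credentials
     * @throws IOException propagated from the callback handler
     * @throws UnsupportedCallbackException propagated from the callback handler
     */
    protected boolean login(Subject clientSubject, String credentials,
                            String authMethod, MessageInfo messageInfo)
    throws IOException, UnsupportedCallbackException
    {
        if (credentials == null) return false;
        // drop the scheme prefix; indexOf == -1 (no space) leaves the whole string intact
        String encoded = credentials.substring(credentials.indexOf(' ') + 1);
        String decoded = B64Code.decode(encoded, StringUtil.__ISO_8859_1);
        int separator = decoded.indexOf(':');
        if (separator < 0) return false; // malformed: no user:password separator
        String userName = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);
        return login(clientSubject, userName, new Password(password), authMethod, messageInfo);
    }

    /**
     * Asks the container to validate a username/credential pair and, on success, publishes
     * the caller principal and roles found in the subject's {@link LoginCallbackImpl} (if
     * any) and records {@code authMethod} under {@link JaspiMessageInfo#AUTH_METHOD_KEY}.
     *
     * <p>Requires {@link #callbackHandler} to have been set; a {@code null} handler fails
     * with a {@code NullPointerException}.
     *
     * @param clientSubject subject to validate against and populate
     * @param username user name to validate
     * @param credential credential to validate
     * @param authMethod authentication method name recorded in the message map on success
     * @param messageInfo message info whose map receives the auth method
     * @return the validation result reported by the {@link CredentialValidationCallback}
     * @throws IOException propagated from the callback handler
     * @throws UnsupportedCallbackException propagated from the callback handler
     */
    protected boolean login(Subject clientSubject, String username,
                            Credential credential, String authMethod,
                            MessageInfo messageInfo)
    throws IOException, UnsupportedCallbackException
    {
        CredentialValidationCallback credValidationCallback = new CredentialValidationCallback(clientSubject, username, credential);
        callbackHandler.handle(new Callback[] { credValidationCallback });
        boolean validated = credValidationCallback.getResult();
        if (validated)
        {
            // the login service may have attached a LoginCallbackImpl carrying the principal and roles
            Set<LoginCallbackImpl> loginCallbacks = clientSubject.getPrivateCredentials(LoginCallbackImpl.class);
            if (!loginCallbacks.isEmpty())
            {
                LoginCallbackImpl loginCallback = loginCallbacks.iterator().next();
                CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, loginCallback.getUserPrincipal());
                GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, loginCallback.getRoles());
                callbackHandler.handle(new Callback[] { callerPrincipalCallback, groupPrincipalCallback });
            }
            messageInfo.getMap().put(JaspiMessageInfo.AUTH_METHOD_KEY, authMethod);
        }
        return validated;
    }
}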