
1   package org.eclipse.jetty.security;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at 
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.opensource.org/licenses/apache2.0.php
14  //
15  //You may elect to redistribute this code under either of these licenses. 
16  //========================================================================
17  
import java.io.InputStream;
import java.util.Collections;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.http.security.B64Code;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
35  
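/**
 * {@link LoginService} that authenticates a client from a base64-encoded SPNEGO
 * token using JGSS.
 * <p>
 * At start the service loads a properties resource (see {@link #setConfig(String)})
 * and reads the {@code targetName} property, the server principal for which the
 * GSS acceptor credential is created. The token passed as the credential to
 * {@link #login(String, Object)} is decoded and handed to
 * {@link GSSContext#acceptSecContext(byte[], int, int)}; when the context is
 * established, the client principal name becomes the user name and the part of
 * that name after the first {@code '@'} (the realm) is used as the single
 * default role.
 * <p>
 * Only a single acceptor round is performed; a token that needs further
 * negotiation rounds is reported as a failed login.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

    /**
     * Mechanism OID passed when acquiring the acceptor credential. This value is
     * the SPNEGO mechanism OID (RFC 4178).
     * See http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
     */
    private static final String SPNEGO_MECH_OID = "1.3.6.1.5.5.2";

    // Creates the UserIdentity returned from login(); must be set before login() is used.
    protected IdentityService _identityService;
    protected String _name;
    // Path/URL of the properties resource loaded in doStart().
    private String _config;

    // Server principal name read from the "targetName" property at start.
    private String _targetName;

    public SpnegoLoginService()
    {
    }

    /**
     * @param name the realm name returned by {@link #getName()}
     */
    public SpnegoLoginService(String name)
    {
        setName(name);
    }

    /**
     * @param name the realm name returned by {@link #getName()}
     * @param config the properties resource holding the {@code targetName} property
     */
    public SpnegoLoginService(String name, String config)
    {
        setName(name);
        setConfig(config);
    }

    public String getName()
    {
        return _name;
    }

    /**
     * @param name the realm name
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * @param config the properties resource (any form accepted by
     *        {@link Resource#newResource(String)}) holding the {@code targetName} property
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _config = config;
    }

    /**
     * Loads the configuration resource and reads the {@code targetName} property.
     *
     * @throws IllegalStateException if no config was set or it holds no {@code targetName}
     * @throws Exception if the resource cannot be opened or read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set for " + getName());
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        try
        {
            properties.load(in);
        }
        finally
        {
            // the stream was previously never closed
            in.close();
        }

        _targetName = properties.getProperty("targetName");
        if (_targetName == null)
        {
            // without a server principal no acceptor credential can be created,
            // so fail at start rather than on every login
            throw new IllegalStateException("No targetName in " + _config);
        }

        LOG.debug("Target Name {}", _targetName);

        super.doStart();
    }

    /**
     * Authenticates a client from a SPNEGO token.
     * <p>
     * The {@code username} is ignored (it will usually be null) since the
     * credentials contain all the relevant info.
     *
     * @param username ignored
     * @param credentials the base64-encoded SPNEGO token as a {@link String}
     * @return the identity created by the {@link IdentityService}, or {@code null}
     *         when the credentials are not a String, cannot be decoded, the
     *         security context is not established after one acceptor round,
     *         a {@link GSSException} occurs, or no identity service is set
     */
    public UserIdentity login(String username, Object credentials)
    {
        if (!(credentials instanceof String))
        {
            LOG.debug("SpnegoUserRealm: credentials are not a String token");
            return null;
        }

        byte[] authToken;
        try
        {
            authToken = B64Code.decode((String)credentials);
        }
        catch (IllegalArgumentException e)
        {
            // malformed base64 from the client is a failed login, not a server fault
            LOG.debug("SpnegoUserRealm: token is not valid base64", e);
            return null;
        }

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_MECH_OID);
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // One acceptor round. The output token (if any) is the server's reply
            // destined for the client; it must not be fed back into the acceptor.
            byte[] outToken = gContext.acceptSecContext(authToken, 0, authToken.length);

            if (!gContext.isEstablished())
            {
                LOG.debug("SpnegoUserRealm: security context not established after one round");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            // the realm after the first '@' is the default role; a name without '@'
            // yields the whole name (unchanged historical behaviour)
            String role = clientName.substring(clientName.indexOf('@') + 1);

            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", gContext.getSrcName());
            LOG.debug("Server Principal is: {}", gContext.getTargName());
            LOG.debug("Client Default Role: {}", role);

            if (_identityService == null)
            {
                LOG.warn("SpnegoUserRealm: no IdentityService set, cannot create identity for {}", clientName);
                return null;
            }

            // the principal carries the server's reply token for the caller to return to the client
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, outToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            LOG.warn(gsse);
        }
        finally
        {
            // release native/provider resources held by the context and credential
            if (gContext != null)
            {
                try
                {
                    gContext.dispose();
                }
                catch (GSSException e)
                {
                    LOG.ignore(e);
                }
            }
            if (serverCreds != null)
            {
                try
                {
                    serverCreds.dispose();
                }
                catch (GSSException e)
                {
                    LOG.ignore(e);
                }
            }
        }

        return null;
    }

    /**
     * @param user the identity to check
     * @return always {@code false}; this service does not re-validate identities
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    /**
     * @param service the service used to build the {@link UserIdentity} in {@link #login(String, Object)}
     * @throws IllegalStateException if the service is already running
     */
    public void setIdentityService(IdentityService service)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _identityService = service;
    }

    /**
     * No-op: this service keeps no per-user state to discard.
     *
     * @param user the identity being logged out
     */
    public void logout(UserIdentity user)
    {
    }

}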