1 package org.eclipse.jetty.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import java.io.InputStream;
import java.util.Collections;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.http.security.B64Code;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
35
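/**
 * A {@link LoginService} that authenticates clients with SPNEGO (Kerberos over
 * the Negotiate scheme) through the JGSS API.
 * <p>
 * On start the service reads a property file (see {@link #setConfig(String)})
 * and takes its {@code targetName} entry as the server principal for which
 * tokens are accepted. {@link #login(String, Object)} expects the
 * base64-encoded Negotiate token as its credential, runs it through a JGSS
 * acceptor context and, on success, builds a {@link UserIdentity} whose single
 * role is the realm portion of the authenticated client principal.
 * <p>
 * The acceptor credential and context are created afresh for every login
 * call and disposed once the call returns. The Kerberos side (keytab, JAAS
 * login configuration, KDC settings) is not configured here; it must be
 * supplied externally through the usual {@code java.security.krb5.*} /
 * {@code java.security.auth.login.config} system properties.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

    /** OID of the SPNEGO pseudo-mechanism (RFC 4178). */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Builds {@link UserIdentity} instances for authenticated principals. */
    protected IdentityService _identityService;
    /** Name of this login service, as reported by {@link #getName()}. */
    protected String _name;
    /** Location of the property file read by {@link #doStart()}. */
    private String _config;

    /** Server principal name loaded from the {@code targetName} property. */
    private String _targetName;

    public SpnegoLoginService()
    {

    }

    /**
     * @param name the name of this login service
     */
    public SpnegoLoginService( String name )
    {
        setName(name);
    }

    /**
     * @param name   the name of this login service
     * @param config location of the property file holding {@code targetName}
     */
    public SpnegoLoginService( String name, String config )
    {
        setName(name);
        setConfig(config);
    }

    public String getName()
    {
        return _name;
    }

    /**
     * Sets the service name.
     *
     * @param name the new name
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * Sets the location of the property file that is read on start.
     *
     * @param config a resource location understood by {@link Resource#newResource(String)}
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig( String config )
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _config = config;
    }

    /**
     * Loads the configuration property file and caches its {@code targetName}.
     * <p>
     * A missing {@code targetName} does not prevent start-up, but every
     * subsequent {@link #login(String, Object)} will fail until one is
     * configured, so it is logged as a warning.
     *
     * @throws IllegalStateException if no config location was set or it
     *                               cannot be opened
     * @throws Exception             if the resource cannot be read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set for SpnegoLoginService " + _name);
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        if (in == null)
        {
            throw new IllegalStateException("Cannot open SPNEGO config " + _config);
        }
        // Close the stream ourselves: Properties.load() does not.
        try
        {
            properties.load(in);
        }
        finally
        {
            in.close();
        }

        _targetName = properties.getProperty("targetName");

        if (_targetName == null)
        {
            LOG.warn("No targetName in SPNEGO config {}; all logins will fail", _config);
        }
        LOG.debug("Target Name {}", _targetName);

        super.doStart();
    }

    /**
     * Authenticates a SPNEGO token.
     *
     * @param username    ignored; the identity comes from the token itself
     * @param credentials the base64-encoded token from the {@code Negotiate}
     *                    header, as a {@link String}
     * @return the authenticated identity, or {@code null} if the credential is
     *         not a string, the token cannot be validated or the context cannot
     *         be established. The returned identity carries exactly one role:
     *         the realm part of the client principal (text after the first
     *         {@code '@'}, or the whole name if there is none), so every
     *         principal of a realm shares that role.
     */
    public UserIdentity login(String username, Object credentials)
    {
        // The credential is the base64 payload of the Negotiate header;
        // anything else cannot be a SPNEGO token, so reject it up front rather
        // than failing with a ClassCastException / NPE below.
        if (!(credentials instanceof String))
        {
            LOG.debug("SpnegoUserRealm: credentials are not a base64 token");
            return null;
        }
        if (_targetName == null)
        {
            LOG.debug("SpnegoUserRealm: no targetName configured");
            return null;
        }

        byte[] authToken = B64Code.decode((String)credentials);

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_OID);
            GSSName gssName = manager.createName(_targetName,null);
            serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,spnegoOid,GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // NOTE(review): this loop feeds the acceptor's own output token
            // straight back into acceptSecContext(). That only terminates for
            // mechanisms that establish in a single round trip (the common
            // Kerberos case); a genuine multi-leg exchange would need the
            // token returned to the client instead.
            while (!gContext.isEstablished())
            {
                authToken = gContext.acceptSecContext(authToken,0,authToken.length);
                if (authToken == null && !gContext.isEstablished())
                {
                    // No continuation token and no established context: the
                    // exchange cannot make progress, so treat it as a failure.
                    LOG.debug("SpnegoUserRealm: acceptor returned no continuation token");
                    return null;
                }
            }

            String clientName = gContext.getSrcName().toString();
            // Realm-as-role: whatever follows the first '@' (or the full name
            // when there is no '@') becomes the identity's only role.
            String role = clientName.substring(clientName.indexOf('@') + 1);

            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", gContext.getSrcName());
            LOG.debug("Server Principal is: {}", gContext.getTargName());
            LOG.debug("Client Default Role: {}", role);

            // The principal keeps the final acceptor token (possibly null) so
            // the authenticator can hand it back to the client.
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject,user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            LOG.warn(gsse);
        }
        finally
        {
            // Release native/JGSS resources regardless of outcome.
            disposeContext(gContext);
            disposeCredential(serverCreds);
        }

        return null;
    }

    /** Disposes a context, logging (not propagating) any failure. */
    private static void disposeContext(GSSContext context)
    {
        if (context == null)
        {
            return;
        }
        try
        {
            context.dispose();
        }
        catch (GSSException e)
        {
            LOG.debug(e);
        }
    }

    /** Disposes a credential, logging (not propagating) any failure. */
    private static void disposeCredential(GSSCredential credential)
    {
        if (credential == null)
        {
            return;
        }
        try
        {
            credential.dispose();
        }
        catch (GSSException e)
        {
            LOG.debug(e);
        }
    }

    /**
     * Always {@code false}: identities established from a SPNEGO token are
     * never revalidated, so callers must re-authenticate instead of reusing
     * a cached identity.
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /** No-op: there is no server-side session state to discard. */
    public void logout(UserIdentity user) {


    }

}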