View Javadoc

1   package org.eclipse.jetty.security.authentication;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at 
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.opensource.org/licenses/apache2.0.php
14  //
15  //You may elect to redistribute this code under either of these licenses. 
16  //========================================================================
17  
18  import java.io.IOException;
19  
20  import javax.servlet.ServletRequest;
21  import javax.servlet.ServletResponse;
22  import javax.servlet.http.HttpServletRequest;
23  import javax.servlet.http.HttpServletResponse;
24  
25  import org.eclipse.jetty.http.HttpHeaders;
26  import org.eclipse.jetty.http.security.Constraint;
27  import org.eclipse.jetty.security.ServerAuthException;
28  import org.eclipse.jetty.security.UserAuthentication;
29  import org.eclipse.jetty.server.Authentication;
30  import org.eclipse.jetty.server.Authentication.User;
31  import org.eclipse.jetty.server.UserIdentity;
32  import org.eclipse.jetty.util.log.Log;
33  import org.eclipse.jetty.util.log.Logger;
34  
35  public class SpnegoAuthenticator extends LoginAuthenticator
36  {
37      private static final Logger LOG = Log.getLogger(SpnegoAuthenticator.class);
38      
39      public String getAuthMethod()
40      {
41          return Constraint.__SPNEGO_AUTH;
42      }
43  
44      public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
45      {        
46          HttpServletRequest req = (HttpServletRequest)request;
47          HttpServletResponse res = (HttpServletResponse)response;
48          
49          String header = req.getHeader(HttpHeaders.AUTHORIZATION);
50  
51          if (!mandatory)
52          {
53          	return _deferred;
54          }
55          
56          // check to see if we have authorization headers required to continue
57          if ( header == null )
58          {
59              try
60              {
61              	 if (_deferred.isDeferred(res))
62              	 {
63                       return Authentication.UNAUTHENTICATED;
64              	 }
65              	 
66                  LOG.debug("SpengoAuthenticator: sending challenge");
67                  res.setHeader(HttpHeaders.WWW_AUTHENTICATE, HttpHeaders.NEGOTIATE);
68                  res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
69                  return Authentication.SEND_CONTINUE;
70              } 
71              catch (IOException ioe)
72              {
73                  throw new ServerAuthException(ioe);
74              }       
75          }
76          else if (header != null && header.startsWith(HttpHeaders.NEGOTIATE))
77          {
78              String spnegoToken = header.substring(10);
79              
80              UserIdentity user = _loginService.login(null,spnegoToken);
81              
82              if ( user != null )
83              {
84                  return new UserAuthentication(getAuthMethod(),user);
85              }
86          }
87          
88          return Authentication.UNAUTHENTICATED;
89      }
90  
91      public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException
92      {
93          return true;
94      }
95  
96  }