1 package org.eclipse.jetty.security.authentication;
18 import java.io.IOException;
19
20 import javax.servlet.ServletRequest;
21 import javax.servlet.ServletResponse;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24
25 import org.eclipse.jetty.http.HttpHeaders;
26 import org.eclipse.jetty.http.security.Constraint;
27 import org.eclipse.jetty.security.ServerAuthException;
28 import org.eclipse.jetty.security.UserAuthentication;
29 import org.eclipse.jetty.server.Authentication;
30 import org.eclipse.jetty.server.Authentication.User;
31 import org.eclipse.jetty.server.UserIdentity;
32 import org.eclipse.jetty.util.log.Log;
33 import org.eclipse.jetty.util.log.Logger;
34
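/**
 * Authenticator for the HTTP "Negotiate" (SPNEGO) scheme.
 *
 * <p>The token taken from the {@code Authorization} header is passed to the
 * configured login service, which decides whether it identifies a user. The
 * header value is client-controlled input: it is length-checked before it is
 * sliced, and it is never written to the log.
 *
 * <p>NOTE(review): on a successful login this class sets no response header, so
 * no server token is returned to the client here. If mutual authentication is
 * required, confirm that it is completed elsewhere.
 */
public class SpnegoAuthenticator extends LoginAuthenticator
{
    private static final Logger LOG = Log.getLogger(SpnegoAuthenticator.class);

    /**
     * Index of the first token character in the {@code Authorization} value:
     * the scheme name followed by one separator character. This keeps the
     * literal offset the parsing has always used; presumably
     * {@code HttpHeaders.NEGOTIATE} is the 9-character string "Negotiate" - confirm.
     */
    private static final int TOKEN_OFFSET = 10;

    /**
     * @return the auth method name reported for identities created by this authenticator
     */
    public String getAuthMethod()
    {
        return Constraint.__SPNEGO_AUTH;
    }

    /**
     * Validates a request against the SPNEGO login service.
     *
     * <ul>
     * <li>If authentication is not mandatory, the deferred authentication is returned
     * and the header is not inspected.</li>
     * <li>If no {@code Authorization} header is present, a 401 response carrying a
     * {@code WWW-Authenticate} challenge is sent, unless the response is a deferred one.</li>
     * <li>If the header starts with the Negotiate scheme and carries a token, the token
     * is handed to the login service.</li>
     * </ul>
     *
     * <p>A header that uses another scheme, carries no token, or is rejected by the login
     * service yields {@link Authentication#UNAUTHENTICATED}; no new challenge is written
     * in those cases.
     *
     * @param request the incoming request, expected to be an {@link HttpServletRequest}
     * @param response the outgoing response, expected to be an {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return the resulting authentication state
     * @throws ServerAuthException if sending the challenge fails with an {@link IOException}
     */
    public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse)response;

        if (!mandatory)
        {
            return _deferred;
        }

        String header = req.getHeader(HttpHeaders.AUTHORIZATION);

        if (header == null)
        {
            try
            {
                if (_deferred.isDeferred(res))
                {
                    return Authentication.UNAUTHENTICATED;
                }

                LOG.debug("SpengoAuthenticator: sending challenge");
                res.setHeader(HttpHeaders.WWW_AUTHENTICATE, HttpHeaders.NEGOTIATE);
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return Authentication.SEND_CONTINUE;
            }
            catch (IOException ioe)
            {
                throw new ServerAuthException(ioe);
            }
        }

        // The header is attacker-controlled. A value that is only the scheme name is
        // shorter than TOKEN_OFFSET, and slicing it unchecked would throw
        // StringIndexOutOfBoundsException out of the authenticator. Such a header, or
        // one with nothing after the separator, is rejected without calling the
        // login service.
        if (header.startsWith(HttpHeaders.NEGOTIATE) && header.length() > TOKEN_OFFSET)
        {
            // Do not log the token: it is a credential.
            String spnegoToken = header.substring(TOKEN_OFFSET);

            UserIdentity user = _loginService.login(null, spnegoToken);

            if (user != null)
            {
                return new UserAuthentication(getAuthMethod(), user);
            }
        }

        return Authentication.UNAUTHENTICATED;
    }

    /**
     * No post-processing is applied to the response.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }
}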