1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.eclipse.jetty.security;
21
22 import java.io.IOException;
23 import java.io.Serializable;
24 import java.security.Principal;
25 import java.util.Map;
26 import java.util.concurrent.ConcurrentHashMap;
27 import java.util.concurrent.ConcurrentMap;
28
29 import javax.security.auth.Subject;
30
31 import org.eclipse.jetty.server.UserIdentity;
32 import org.eclipse.jetty.util.component.AbstractLifeCycle;
33 import org.eclipse.jetty.util.log.Log;
34 import org.eclipse.jetty.util.log.Logger;
35 import org.eclipse.jetty.util.security.Credential;
36
37
38
39
40
41
42
43
44
45 public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService
46 {
47 private static final Logger LOG = Log.getLogger(MappedLoginService.class);
48
49 protected IdentityService _identityService=new DefaultIdentityService();
50 protected String _name;
51 protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>();
52
53
54 protected MappedLoginService()
55 {
56 }
57
58
59
60
61
62 public String getName()
63 {
64 return _name;
65 }
66
67
68
69
70
71 public IdentityService getIdentityService()
72 {
73 return _identityService;
74 }
75
76
77
78
79
80 public ConcurrentMap<String, UserIdentity> getUsers()
81 {
82 return _users;
83 }
84
85
86
87
88
89 public void setIdentityService(IdentityService identityService)
90 {
91 if (isRunning())
92 throw new IllegalStateException("Running");
93 _identityService = identityService;
94 }
95
96
97
98
99
100 public void setName(String name)
101 {
102 if (isRunning())
103 throw new IllegalStateException("Running");
104 _name = name;
105 }
106
107
108
109
110
111 public void setUsers(Map<String, UserIdentity> users)
112 {
113 if (isRunning())
114 throw new IllegalStateException("Running");
115 _users.clear();
116 _users.putAll(users);
117 }
118
119
120
121
122
123 @Override
124 protected void doStart() throws Exception
125 {
126 loadUsers();
127 super.doStart();
128 }
129
130
131 @Override
132 protected void doStop() throws Exception
133 {
134 super.doStop();
135 }
136
137
138 public void logout(UserIdentity identity)
139 {
140 LOG.debug("logout {}",identity);
141 }
142
143
144 @Override
145 public String toString()
146 {
147 return this.getClass().getSimpleName()+"["+_name+"]";
148 }
149
150
151
152
153
154
155
156
157
158 protected synchronized UserIdentity putUser(String userName, Object info)
159 {
160 final UserIdentity identity;
161 if (info instanceof UserIdentity)
162 identity=(UserIdentity)info;
163 else
164 {
165 Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString());
166
167 Principal userPrincipal = new KnownUser(userName,credential);
168 Subject subject = new Subject();
169 subject.getPrincipals().add(userPrincipal);
170 subject.getPrivateCredentials().add(credential);
171 subject.setReadOnly();
172 identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES);
173 }
174
175 _users.put(userName,identity);
176 return identity;
177 }
178
179
180
181
182
183
184
185
186 public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles)
187 {
188 Principal userPrincipal = new KnownUser(userName,credential);
189 Subject subject = new Subject();
190 subject.getPrincipals().add(userPrincipal);
191 subject.getPrivateCredentials().add(credential);
192
193 if (roles!=null)
194 for (String role : roles)
195 subject.getPrincipals().add(new RolePrincipal(role));
196
197 subject.setReadOnly();
198 UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
199 _users.put(userName,identity);
200 return identity;
201 }
202
203
204 public void removeUser(String username)
205 {
206 _users.remove(username);
207 }
208
209
210
211
212
213 public UserIdentity login(String username, Object credentials)
214 {
215 if (username == null)
216 return null;
217
218 UserIdentity user = _users.get(username);
219
220 if (user==null)
221 user = loadUser(username);
222
223 if (user!=null)
224 {
225 UserPrincipal principal = (UserPrincipal)user.getUserPrincipal();
226 if (principal.authenticate(credentials))
227 return user;
228 }
229 return null;
230 }
231
232
233 public boolean validate(UserIdentity user)
234 {
235 if (_users.containsKey(user.getUserPrincipal().getName()))
236 return true;
237
238 if (loadUser(user.getUserPrincipal().getName())!=null)
239 return true;
240
241 return false;
242 }
243
244
245 protected abstract UserIdentity loadUser(String username);
246
247
248 protected abstract void loadUsers() throws IOException;
249
250
251
252
253
254 public interface UserPrincipal extends Principal,Serializable
255 {
256 boolean authenticate(Object credentials);
257 public boolean isAuthenticated();
258 }
259
260
261
262
263 public static class RolePrincipal implements Principal,Serializable
264 {
265 private static final long serialVersionUID = 2998397924051854402L;
266 private final String _roleName;
267 public RolePrincipal(String name)
268 {
269 _roleName=name;
270 }
271 public String getName()
272 {
273 return _roleName;
274 }
275 }
276
277
278
279
280 public static class Anonymous implements UserPrincipal,Serializable
281 {
282 private static final long serialVersionUID = 1097640442553284845L;
283
284 public boolean isAuthenticated()
285 {
286 return false;
287 }
288
289 public String getName()
290 {
291 return "Anonymous";
292 }
293
294 public boolean authenticate(Object credentials)
295 {
296 return false;
297 }
298
299 }
300
301
302
303
304 public static class KnownUser implements UserPrincipal,Serializable
305 {
306 private static final long serialVersionUID = -6226920753748399662L;
307 private final String _name;
308 private final Credential _credential;
309
310
311 public KnownUser(String name,Credential credential)
312 {
313 _name=name;
314 _credential=credential;
315 }
316
317
318 public boolean authenticate(Object credentials)
319 {
320 return _credential!=null && _credential.check(credentials);
321 }
322
323
324 public String getName()
325 {
326 return _name;
327 }
328
329
330 public boolean isAuthenticated()
331 {
332 return true;
333 }
334
335
336 @Override
337 public String toString()
338 {
339 return _name;
340 }
341 }
342 }
343