View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.util.Properties;
22  
23  import javax.security.auth.Subject;
24  
25  import org.eclipse.jetty.server.UserIdentity;
26  import org.eclipse.jetty.util.B64Code;
27  import org.eclipse.jetty.util.component.AbstractLifeCycle;
28  import org.eclipse.jetty.util.log.Log;
29  import org.eclipse.jetty.util.log.Logger;
30  import org.eclipse.jetty.util.resource.Resource;
31  import org.ietf.jgss.GSSContext;
32  import org.ietf.jgss.GSSCredential;
33  import org.ietf.jgss.GSSException;
34  import org.ietf.jgss.GSSManager;
35  import org.ietf.jgss.GSSName;
36  import org.ietf.jgss.Oid;
37  
38  public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
39  {
40      private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);
41  
42      protected IdentityService _identityService;// = new LdapIdentityService();
43      protected String _name;
44      private String _config;
45  
46      private String _targetName;
47  
48      public SpnegoLoginService()
49      {
50  
51      }
52  
53      public SpnegoLoginService( String name )
54      {
55          setName(name);
56      }
57  
58      public SpnegoLoginService( String name, String config )
59      {
60          setName(name);
61          setConfig(config);
62      }
63  
64      @Override
65      public String getName()
66      {
67          return _name;
68      }
69  
70      public void setName(String name)
71      {
72          if (isRunning())
73          {
74              throw new IllegalStateException("Running");
75          }
76  
77          _name = name;
78      }
79  
80      public String getConfig()
81      {
82          return _config;
83      }
84  
85      public void setConfig( String config )
86      {
87          if (isRunning())
88          {
89              throw new IllegalStateException("Running");
90          }
91  
92          _config = config;
93      }
94  
95  
96  
97      @Override
98      protected void doStart() throws Exception
99      {
100         Properties properties = new Properties();
101         Resource resource = Resource.newResource(_config);
102         properties.load(resource.getInputStream());
103 
104         _targetName = properties.getProperty("targetName");
105 
106         LOG.debug("Target Name {}", _targetName);
107 
108         super.doStart();
109     }
110 
111     /**
112      * username will be null since the credentials will contain all the relevant info
113      */
114     @Override
115     public UserIdentity login(String username, Object credentials)
116     {
117         String encodedAuthToken = (String)credentials;
118 
119         byte[] authToken = B64Code.decode(encodedAuthToken);
120 
121         GSSManager manager = GSSManager.getInstance();
122         try
123         {
124             Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
125             GSSName gssName = manager.createName(_targetName,null);
126             GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY);
127             GSSContext gContext = manager.createContext(serverCreds);
128 
129             if (gContext == null)
130             {
131                 LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
132             }
133             else
134             {
135                 while (!gContext.isEstablished())
136                 {
137                     authToken = gContext.acceptSecContext(authToken,0,authToken.length);
138                 }
139                 if (gContext.isEstablished())
140                 {
141                     String clientName = gContext.getSrcName().toString();
142                     String role = clientName.substring(clientName.indexOf('@') + 1);
143 
144                     LOG.debug("SpnegoUserRealm: established a security context");
145                     LOG.debug("Client Principal is: " + gContext.getSrcName());
146                     LOG.debug("Server Principal is: " + gContext.getTargName());
147                     LOG.debug("Client Default Role: " + role);
148 
149                     SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);
150 
151                     Subject subject = new Subject();
152                     subject.getPrincipals().add(user);
153 
154                     return _identityService.newUserIdentity(subject,user, new String[]{role});
155                 }
156             }
157 
158         }
159         catch (GSSException gsse)
160         {
161             LOG.warn(gsse);
162         }
163 
164         return null;
165     }
166 
167     @Override
168     public boolean validate(UserIdentity user)
169     {
170         return false;
171     }
172 
173     @Override
174     public IdentityService getIdentityService()
175     {
176         return _identityService;
177     }
178 
179     @Override
180     public void setIdentityService(IdentityService service)
181     {
182         _identityService = service;
183     }
184 
185     @Override
186     public void logout(UserIdentity user) 
187     {
188         // TODO Auto-generated method stub
189     }
190 
191 }