19 package org.eclipse.jetty.security;
20
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
37
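/**
 * A {@link LoginService} that authenticates clients with SPNEGO through the JGSS API.
 * <p>
 * The credential handed to {@link #login(String, Object)} is the base64 token string
 * taken from the client's {@code Negotiate} authorization header. It is accepted
 * against the server principal named by the {@code targetName} entry of the
 * properties file configured with {@link #setConfig(String)}.
 * <p>
 * No identities are cached: {@link #validate(UserIdentity)} always returns
 * {@code false}, and {@link #logout(UserIdentity)} is a no-op.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

    /**
     * OID of the SPNEGO pseudo-mechanism (1.3.6.1.5.5.2). Note this is SPNEGO, not
     * the Kerberos V5 mechanism OID, even though the acceptor is normally backed by
     * Kerberos underneath.
     */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Property key (in the file named by {@link #setConfig(String)}) holding the acceptor principal. */
    private static final String TARGET_NAME_PROPERTY = "targetName";

    protected IdentityService _identityService;
    protected String _name;
    private String _config;

    /** Server (acceptor) principal name, read from the config file in {@link #doStart()}. */
    private String _targetName;

    public SpnegoLoginService()
    {
    }

    /**
     * @param name the name of this login service
     */
    public SpnegoLoginService(String name)
    {
        this(name, null);
    }

    /**
     * @param name the name of this login service
     * @param config path (or URL) of the properties file holding {@code targetName}
     */
    public SpnegoLoginService(String name, String config)
    {
        // Fields are assigned directly rather than through the overridable setters:
        // the service cannot be running while it is still being constructed, so the
        // setters' isRunning() guard would never fire here anyway.
        _name = name;
        _config = config;
    }

    @Override
    public String getName()
    {
        return _name;
    }

    /**
     * @param name the name of this login service
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * @param config path (or URL) of the properties file holding {@code targetName}
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _config = config;
    }

    /**
     * Loads the properties file and reads the {@code targetName} acceptor principal.
     *
     * @throws IllegalStateException if no config file has been set
     * @throws Exception if the config resource cannot be opened or parsed
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set for SpnegoLoginService " + _name);
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        // try-with-resources: the stream must be closed once the properties are read
        try (InputStream in = resource.getInputStream())
        {
            properties.load(in);
        }

        _targetName = properties.getProperty(TARGET_NAME_PROPERTY);
        if (_targetName == null)
        {
            // Fail loudly at start rather than silently at every login attempt.
            LOG.warn("No '{}' property in {}; SPNEGO logins will be refused", TARGET_NAME_PROPERTY, _config);
        }
        else
        {
            LOG.debug("Target Name {}", _targetName);
        }

        super.doStart();
    }

    /**
     * Accepts one SPNEGO token from a client and, if that single accept step
     * establishes the security context, builds a {@link UserIdentity} for the
     * client principal.
     *
     * @param username ignored; the principal name comes from the established context
     * @param credentials the base64-encoded token string from the client
     * @return the authenticated identity, or {@code null} if the token is missing,
     *         malformed, not a {@link String}, or does not establish a context
     * @throws IllegalStateException if no {@link IdentityService} has been set
     */
    @Override
    public UserIdentity login(String username, Object credentials)
    {
        byte[] authToken = decodeToken(credentials);
        if (authToken == null)
        {
            return null;
        }
        if (_targetName == null)
        {
            LOG.debug("SpnegoUserRealm: no targetName configured, refusing login");
            return null;
        }
        if (_identityService == null)
        {
            throw new IllegalStateException("No IdentityService set on SpnegoLoginService " + _name);
        }

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_OID);
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // Exactly one accept step. This interface has no way to return a
            // continuation token to the client and re-enter with the next leg, so
            // looping and feeding the acceptor's own output back in as input (as the
            // previous version did) could never complete a negotiation and would
            // NPE if the acceptor produced no output token.
            byte[] responseToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            if (!gContext.isEstablished())
            {
                LOG.debug("SpnegoUserRealm: security context not established after one accept step");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            String role = defaultRole(clientName);

            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", clientName);
            LOG.debug("Server Principal is: {}", gContext.getTargName());
            LOG.debug("Client Default Role: {}", role);

            // The response token (if any) is kept on the principal so the server can
            // send it back to the client for mutual authentication.
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, responseToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            LOG.warn("SpnegoUserRealm: SPNEGO authentication failed", gsse);
        }
        finally
        {
            // Release native/JGSS resources on every path; the previous version never disposed them.
            dispose(gContext);
            dispose(serverCreds);
        }

        return null;
    }

    /**
     * Turns the login credential into a raw SPNEGO token.
     *
     * @param credentials expected to be a base64 {@link String}
     * @return the decoded bytes, or {@code null} if the credential is not a
     *         non-empty, well-formed base64 string (logged at debug, never thrown:
     *         a garbage header is a failed login, not a server error)
     */
    private static byte[] decodeToken(Object credentials)
    {
        if (!(credentials instanceof String))
        {
            LOG.debug("SpnegoUserRealm: credentials are not a base64 token string");
            return null;
        }
        String encoded = (String)credentials;
        if (encoded.isEmpty())
        {
            LOG.debug("SpnegoUserRealm: empty token");
            return null;
        }
        try
        {
            return B64Code.decode(encoded);
        }
        catch (IllegalArgumentException e)
        {
            LOG.debug("SpnegoUserRealm: malformed base64 token", e);
            return null;
        }
    }

    /**
     * Derives the default role from a principal name: everything after the '@',
     * i.e. the realm. When the name contains no '@', {@code indexOf} yields -1 and
     * the whole name is returned (behaviour preserved from the original).
     *
     * @param clientName the client principal name
     * @return the role string
     */
    private static String defaultRole(String clientName)
    {
        return clientName.substring(clientName.indexOf('@') + 1);
    }

    /** Disposes a context, ignoring a {@code null} and any failure during dispose. */
    private static void dispose(GSSContext context)
    {
        if (context == null)
        {
            return;
        }
        try
        {
            context.dispose();
        }
        catch (GSSException e)
        {
            LOG.ignore(e);
        }
    }

    /** Disposes a credential, ignoring a {@code null} and any failure during dispose. */
    private static void dispose(GSSCredential credential)
    {
        if (credential == null)
        {
            return;
        }
        try
        {
            credential.dispose();
        }
        catch (GSSException e)
        {
            LOG.ignore(e);
        }
    }

    /**
     * Always {@code false}: this service does not cache identities, so the caller
     * must re-authenticate (re-negotiate) rather than reuse a previous identity.
     */
    @Override
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    @Override
    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    @Override
    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /** No-op: nothing is cached per user, so there is nothing to discard. */
    @Override
    public void logout(UserIdentity user)
    {
    }
}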