19 package org.eclipse.jetty.security.jaspi;
20
21 import java.io.IOException;
22
23 import javax.security.auth.Subject;
24 import javax.security.auth.callback.Callback;
25 import javax.security.auth.callback.CallbackHandler;
26 import javax.security.auth.callback.UnsupportedCallbackException;
27 import javax.security.auth.message.callback.CallerPrincipalCallback;
28 import javax.security.auth.message.callback.CertStoreCallback;
29 import javax.security.auth.message.callback.GroupPrincipalCallback;
30 import javax.security.auth.message.callback.PasswordValidationCallback;
31 import javax.security.auth.message.callback.PrivateKeyCallback;
32 import javax.security.auth.message.callback.SecretKeyCallback;
33 import javax.security.auth.message.callback.TrustStoreCallback;
34
35 import org.eclipse.jetty.security.LoginService;
36 import org.eclipse.jetty.security.authentication.LoginCallback;
37 import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
38 import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
39 import org.eclipse.jetty.server.UserIdentity;
40
/**
 * JASPI {@link CallbackHandler} that answers an auth module's callbacks using a
 * Jetty {@link LoginService}.
 *
 * <p>Credential-bearing callbacks are validated through {@code LoginService.login};
 * caller/group principal callbacks are parked in per-thread slots and handed over
 * once through {@link #getThreadCallerPrincipalCallback()} and
 * {@link #getThreadGroupPrincipalCallback()}.
 *
 * <p>Security note: the per-thread slots are cleared only by those two getters.
 * If a principal callback is handled and the matching getter is never called on
 * that thread, the value stays in the slot and is returned by the next getter
 * call on the same thread. On a pooled thread that is presumably a different
 * request, so callers should drain both getters on every path, including the
 * failure paths (confirm against the calling authenticator).
 */
public class ServletCallbackHandler implements CallbackHandler
{
    private final LoginService _loginService;

    // Hand-off slots for the most recent principal callbacks seen on this thread.
    private final ThreadLocal<CallerPrincipalCallback> _callerPrincipals = new ThreadLocal<CallerPrincipalCallback>();
    private final ThreadLocal<GroupPrincipalCallback> _groupPrincipals = new ThreadLocal<GroupPrincipalCallback>();

    /**
     * @param loginService service used to validate usernames and credentials
     */
    public ServletCallbackHandler(LoginService loginService)
    {
        _loginService = loginService;
    }

    /**
     * Processes each callback in array order.
     *
     * @param callbacks callbacks supplied by the auth module
     * @throws IOException declared by the {@link CallbackHandler} contract
     * @throws UnsupportedCallbackException for any callback type not listed in this method
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (Callback cb : callbacks)
        {
            if (cb instanceof CallerPrincipalCallback)
            {
                // Overwrites whatever this thread stored earlier.
                _callerPrincipals.set((CallerPrincipalCallback) cb);
                continue;
            }
            if (cb instanceof GroupPrincipalCallback)
            {
                _groupPrincipals.set((GroupPrincipalCallback) cb);
                continue;
            }
            if (cb instanceof PasswordValidationCallback)
            {
                validatePassword((PasswordValidationCallback) cb);
                continue;
            }
            if (cb instanceof CredentialValidationCallback)
            {
                validateCredential((CredentialValidationCallback) cb);
                continue;
            }
            // Key and certificate store callbacks are accepted but never populated:
            // a module requesting key material gets its callback back unchanged and
            // no error is raised.
            if (cb instanceof CertStoreCallback
                || cb instanceof PrivateKeyCallback
                || cb instanceof SecretKeyCallback
                || cb instanceof TrustStoreCallback)
            {
                continue;
            }
            throw new UnsupportedCallbackException(cb);
        }
    }

    /**
     * Validates a username/password pair and, on success, copies the resulting
     * identity into the callback's subject.
     */
    private void validatePassword(PasswordValidationCallback request)
    {
        Subject subject = request.getSubject();

        // The password array is passed on as-is and is not cleared here; wiping it
        // is left to whoever owns the callback.
        UserIdentity identity = _loginService.login(request.getUsername(), request.getPassword());
        if (identity == null)
        {
            // Failed login: the result is left untouched, not set to false.
            return;
        }

        request.setResult(true);
        subject.getPrincipals().addAll(identity.getSubject().getPrincipals());
        subject.getPrivateCredentials().add(identity);
    }

    /**
     * Validates a username/credential pair and, on success, records both the
     * login callback and the resulting identity in the callback's subject.
     */
    private void validateCredential(CredentialValidationCallback request)
    {
        Subject subject = request.getSubject();

        // NOTE(review): the login callback is built from the submitted credential
        // and is later added to the subject's private credentials. If
        // LoginCallbackImpl retains the credential, it stays reachable from the
        // subject after authentication; confirm.
        LoginCallback loginRecord = new LoginCallbackImpl(subject,
            request.getUsername(),
            request.getCredential());

        UserIdentity identity = _loginService.login(request.getUsername(), request.getCredential());
        if (identity == null)
        {
            // Failed login: nothing is added to the subject and the result is left untouched.
            return;
        }

        loginRecord.setUserPrincipal(identity.getUserPrincipal());
        subject.getPrivateCredentials().add(loginRecord);
        request.setResult(true);
        subject.getPrincipals().addAll(identity.getSubject().getPrincipals());
        subject.getPrivateCredentials().add(identity);
    }

    /**
     * Returns the caller principal callback stored for the current thread and
     * clears the slot, so a second call returns {@code null} until another
     * callback is handled.
     *
     * @return the stored callback, or {@code null} if none is stored
     */
    public CallerPrincipalCallback getThreadCallerPrincipalCallback()
    {
        try
        {
            return _callerPrincipals.get();
        }
        finally
        {
            _callerPrincipals.remove();
        }
    }

    /**
     * Returns the group principal callback stored for the current thread and
     * clears the slot, so a second call returns {@code null} until another
     * callback is handled.
     *
     * @return the stored callback, or {@code null} if none is stored
     */
    public GroupPrincipalCallback getThreadGroupPrincipalCallback()
    {
        try
        {
            return _groupPrincipals.get();
        }
        finally
        {
            _groupPrincipals.remove();
        }
    }
}