
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security.jaspi;
20  
21  import java.io.IOException;
22  
23  import javax.security.auth.Subject;
24  import javax.security.auth.callback.Callback;
25  import javax.security.auth.callback.CallbackHandler;
26  import javax.security.auth.callback.UnsupportedCallbackException;
27  import javax.security.auth.message.callback.CallerPrincipalCallback;
28  import javax.security.auth.message.callback.CertStoreCallback;
29  import javax.security.auth.message.callback.GroupPrincipalCallback;
30  import javax.security.auth.message.callback.PasswordValidationCallback;
31  import javax.security.auth.message.callback.PrivateKeyCallback;
32  import javax.security.auth.message.callback.SecretKeyCallback;
33  import javax.security.auth.message.callback.TrustStoreCallback;
34  
35  import org.eclipse.jetty.security.LoginService;
36  import org.eclipse.jetty.security.authentication.LoginCallback;
37  import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
38  import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
39  import org.eclipse.jetty.server.UserIdentity;
40  
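/**
 * {@link CallbackHandler} used by the JASPI integration to pass information between an
 * authentication module and the server.
 * <p>
 * Two directions are handled:
 * <ul>
 * <li><b>jaspi to server</b>: {@link CallerPrincipalCallback} and {@link GroupPrincipalCallback}
 * instances are stored per thread until they are fetched with
 * {@link #getThreadCallerPrincipalCallback()} / {@link #getThreadGroupPrincipalCallback()};
 * {@link PasswordValidationCallback} and {@link CredentialValidationCallback} are checked against
 * the configured {@link LoginService}.</li>
 * <li><b>server to jaspi</b>: {@link CertStoreCallback}, {@link PrivateKeyCallback},
 * {@link SecretKeyCallback} and {@link TrustStoreCallback} are accepted but not serviced.</li>
 * </ul>
 * <p>
 * The per-thread values are removed only by the two getters. If {@link #handle(Callback[])} stores a
 * callback and the matching getter is never called on that thread, the callback stays bound to the
 * thread. NOTE(review): where threads are pooled, confirm every caller drains both getters (including
 * on failure paths) so that a principal from one exchange cannot be read during a later one.
 *
 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
 */
public class ServletCallbackHandler implements CallbackHandler
{
    private final LoginService _loginService;

    // Last caller/group callback handled on the current thread; cleared only by the getters below.
    private final ThreadLocal<CallerPrincipalCallback> _callerPrincipals = new ThreadLocal<CallerPrincipalCallback>();
    private final ThreadLocal<GroupPrincipalCallback> _groupPrincipals = new ThreadLocal<GroupPrincipalCallback>();

    /**
     * @param loginService the service used to validate usernames and credentials; stored as given,
     *            without a null check
     */
    public ServletCallbackHandler(LoginService loginService)
    {
        _loginService = loginService;
    }

    /**
     * Processes each callback in array order.
     * <p>
     * For the two validation callbacks, a non-null {@link UserIdentity} from the login service marks
     * the callback as successful and copies the identity into the callback's subject. When the login
     * service returns null, this method does not call {@code setResult} and does not touch the
     * subject, so the callback keeps whatever result it already held.
     * <p>
     * The password obtained from a {@link PasswordValidationCallback} is handed to the login service
     * as returned by {@code getPassword()}; this method does not call {@code clearPassword()}.
     * NOTE(review): confirm the invoking module clears it.
     *
     * @param callbacks the callbacks to process
     * @throws IOException declared by {@link CallbackHandler}; not thrown directly by this method
     * @throws UnsupportedCallbackException if a callback is of a type not listed on this class;
     *             callbacks earlier in the array have already been processed when this is thrown
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (Callback callback : callbacks)
        {
            // jaspi to server communication
            if (callback instanceof CallerPrincipalCallback)
            {
                // Overwrites any value left on this thread by an earlier handle() call.
                _callerPrincipals.set((CallerPrincipalCallback) callback);
            }
            else if (callback instanceof GroupPrincipalCallback)
            {
                _groupPrincipals.set((GroupPrincipalCallback) callback);
            }
            else if (callback instanceof PasswordValidationCallback)
            {
                PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;

                UserIdentity user = _loginService.login(passwordCallback.getUsername(),passwordCallback.getPassword());

                if (user!=null)
                {
                    passwordCallback.setResult(true);
                    addIdentity(passwordCallback.getSubject(),user);
                }
            }
            else if (callback instanceof CredentialValidationCallback)
            {
                CredentialValidationCallback credentialCallback = (CredentialValidationCallback) callback;
                Subject subject = credentialCallback.getSubject();
                // Built before the login attempt, but only attached to the subject on success.
                LoginCallback loginCallback = new LoginCallbackImpl(subject,
                        credentialCallback.getUsername(),
                        credentialCallback.getCredential());

                UserIdentity user = _loginService.login(credentialCallback.getUsername(),credentialCallback.getCredential());

                if (user!=null)
                {
                    loginCallback.setUserPrincipal(user.getUserPrincipal());
                    credentialCallback.getSubject().getPrivateCredentials().add(loginCallback);
                    credentialCallback.setResult(true);
                    addIdentity(credentialCallback.getSubject(),user);
                }
            }
            // server to jaspi communication
            // TODO implement these
            else if (callback instanceof CertStoreCallback
                    || callback instanceof PrivateKeyCallback
                    || callback instanceof SecretKeyCallback
                    || callback instanceof TrustStoreCallback)
            {
                // Accepted without being serviced: nothing is set on the callback and no exception
                // is raised, so the requesting module cannot tell "unsupported" from "not found"
                // and has to treat the unset key/store as a failure itself.
            }
            else
            {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    /**
     * Copies an authenticated identity into a callback's subject: all principals of the identity's
     * own subject are added, and the identity object itself is added as a private credential.
     *
     * @param target the subject carried by the validation callback
     * @param user the identity returned by the login service
     */
    private static void addIdentity(Subject target, UserIdentity user)
    {
        target.getPrincipals().addAll(user.getSubject().getPrincipals());
        target.getPrivateCredentials().add(user);
    }

    /**
     * Returns the {@link CallerPrincipalCallback} last stored for the current thread and clears it,
     * so a second call without an intervening {@link #handle(Callback[])} returns null.
     *
     * @return the stored callback, or null if none is set for this thread
     */
    public CallerPrincipalCallback getThreadCallerPrincipalCallback()
    {
        CallerPrincipalCallback stored = _callerPrincipals.get();
        _callerPrincipals.remove();
        return stored;
    }

    /**
     * Returns the {@link GroupPrincipalCallback} last stored for the current thread and clears it,
     * so a second call without an intervening {@link #handle(Callback[])} returns null.
     *
     * @return the stored callback, or null if none is set for this thread
     */
    public GroupPrincipalCallback getThreadGroupPrincipalCallback()
    {
        GroupPrincipalCallback stored = _groupPrincipals.get();
        _groupPrincipals.remove();
        return stored;
    }
}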