
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security.jaspi.modules;
20  
21  import java.io.IOException;
22  import java.util.Map;
23  
24  import javax.security.auth.Subject;
25  import javax.security.auth.callback.CallbackHandler;
26  import javax.security.auth.callback.UnsupportedCallbackException;
27  import javax.security.auth.message.AuthException;
28  import javax.security.auth.message.AuthStatus;
29  import javax.security.auth.message.MessageInfo;
30  import javax.security.auth.message.MessagePolicy;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpServletResponse;
33  
34  import org.eclipse.jetty.http.HttpHeader;
35  import org.eclipse.jetty.util.log.Log;
36  import org.eclipse.jetty.util.log.Logger;
37  import org.eclipse.jetty.util.security.Constraint;
38  
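/**
 * JASPIC server auth module that performs HTTP Basic authentication on top of
 * {@link BaseAuthModule}.
 * <p>
 * On each request the {@code Authorization} header is handed to
 * {@code BaseAuthModule.login(...)} with {@link Constraint#__BASIC_AUTH}. If that
 * succeeds the request is authenticated; otherwise, when the request is mandatory,
 * a {@code WWW-Authenticate: basic realm="..."} challenge is sent with a 401.
 * <p>
 * The realm name can be supplied either through the two-argument constructor or
 * through the {@value #REALM_KEY} option passed to {@link #initialize}.
 *
 * @deprecated kept for backwards compatibility only.
 */
@Deprecated
public class BasicAuthModule extends BaseAuthModule
{
    private static final Logger LOG = Log.getLogger(BasicAuthModule.class);

    /** Option key under which {@link #initialize} looks for the realm name. */
    private static final String REALM_KEY = "org.eclipse.jetty.security.jaspi.modules.RealmName";

    /** Realm advertised in the WWW-Authenticate challenge; null until configured. */
    private String realmName;

    /** No-arg constructor used by the JASPIC factory; the realm comes from {@link #initialize}. */
    public BasicAuthModule()
    {
    }

    /**
     * Programmatic constructor.
     *
     * @param callbackHandler handler passed to {@link BaseAuthModule}
     * @param realmName realm advertised in the challenge
     */
    public BasicAuthModule(CallbackHandler callbackHandler, String realmName)
    {
        super(callbackHandler);
        this.realmName = realmName;
    }

    /**
     * Initializes the module and picks up the realm name from the {@value #REALM_KEY} option.
     * <p>
     * A realm supplied via the constructor is only overridden when the option is actually
     * present, so a programmatically configured module does not end up challenging with
     * {@code realm="null"} when the option map lacks the key.
     *
     * @throws AuthException propagated from {@link BaseAuthModule#initialize}
     */
    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options)
    throws AuthException
    {
        super.initialize(requestPolicy, responsePolicy, handler, options);
        Object configuredRealm = options.get(REALM_KEY);
        if (configuredRealm != null)
        {
            realmName = (String) configuredRealm;
        }
    }

    /**
     * Validates the request using HTTP Basic credentials.
     *
     * @return {@link AuthStatus#SUCCESS} when login succeeds or the request is not mandatory;
     *         {@link AuthStatus#SEND_CONTINUE} after a 401 challenge has been written
     * @throws AuthException wrapping any {@link IOException} or
     *         {@link UnsupportedCallbackException} raised by the login or by the response;
     *         the original exception is retained as the cause
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject)
    throws AuthException
    {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());

        try
        {
            if (credentials != null)
            {
                // Never log the header value itself: for Basic it is only base64 of
                // "user:password", so a debug log line would persist the clear-text password.
                if (LOG.isDebugEnabled())
                {
                    LOG.debug("Authorization header present, attempting " + Constraint.__BASIC_AUTH + " login");
                }
                // NOTE(review): the auth scheme in the header is not checked here; whether a
                // non-Basic Authorization header is rejected depends on BaseAuthModule.login().
                if (login(clientSubject, credentials, Constraint.__BASIC_AUTH, messageInfo))
                {
                    return AuthStatus.SUCCESS;
                }
            }

            // Missing or rejected credentials only matter when the request requires authentication.
            if (!isMandatory(messageInfo))
            {
                return AuthStatus.SUCCESS;
            }

            sendChallenge(response);
            return AuthStatus.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw asAuthException(e);
        }
        catch (UnsupportedCallbackException e)
        {
            throw asAuthException(e);
        }
    }

    /**
     * Writes the Basic challenge and a 401 status.
     * <p>
     * The realm is inserted verbatim; it comes from configuration, so it is expected not to
     * contain quotes or CR/LF. Do not feed it from request data.
     */
    private void sendChallenge(HttpServletResponse response) throws IOException
    {
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + realmName + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Wraps a checked failure in an {@link AuthException}, keeping the original as the cause
     * so the stack trace is not lost (AuthException has no cause-taking constructor here).
     */
    private static AuthException asAuthException(Exception cause)
    {
        AuthException authException = new AuthException(cause.getMessage());
        authException.initCause(cause);
        return authException;
    }
}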