1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.plus.jaas;
15
16 import java.io.IOException;
17 import java.security.Principal;
18 import java.util.ArrayList;
19 import java.util.Arrays;
20 import java.util.Collection;
21 import java.util.LinkedHashSet;
22 import java.util.Set;
23
24 import javax.security.auth.Subject;
25 import javax.security.auth.callback.Callback;
26 import javax.security.auth.callback.CallbackHandler;
27 import javax.security.auth.callback.NameCallback;
28 import javax.security.auth.callback.PasswordCallback;
29 import javax.security.auth.callback.UnsupportedCallbackException;
30 import javax.security.auth.login.LoginContext;
31 import javax.security.auth.login.LoginException;
32
33 import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
34 import org.eclipse.jetty.security.DefaultIdentityService;
35 import org.eclipse.jetty.security.IdentityService;
36 import org.eclipse.jetty.security.LoginService;
37 import org.eclipse.jetty.security.ServerAuthException;
38 import org.eclipse.jetty.server.UserIdentity;
39 import org.eclipse.jetty.util.component.AbstractLifeCycle;
40 import org.eclipse.jetty.util.log.Log;
41
42
43
44
45
46
47 public class JAASLoginService extends AbstractLifeCycle implements LoginService
48 {
49 public static String DEFAULT_ROLE_CLASS_NAME = "org.eclipse.jetty.plus.jaas.JAASRole";
50 public static String[] DEFAULT_ROLE_CLASS_NAMES = {DEFAULT_ROLE_CLASS_NAME};
51
52 protected String[] _roleClassNames = DEFAULT_ROLE_CLASS_NAMES;
53 protected String _callbackHandlerClass;
54 protected String _realmName;
55 protected String _loginModuleName;
56 protected JAASUserPrincipal _defaultUser = new JAASUserPrincipal(null, null, null);
57 protected IdentityService _identityService;
58
59
60
61
62
63
64 public JAASLoginService()
65 {
66 }
67
68
69
70
71
72
73
74
75 public JAASLoginService(String name)
76 {
77 this();
78 _realmName = name;
79 _loginModuleName = name;
80 }
81
82
83
84
85
86
87
88
89 public String getName()
90 {
91 return _realmName;
92 }
93
94
95
96
97
98
99
100
101 public void setName (String name)
102 {
103 _realmName = name;
104 }
105
106
107
108
109
110
111
112 public IdentityService getIdentityService()
113 {
114 return _identityService;
115 }
116
117
118
119
120
121
122 public void setIdentityService(IdentityService identityService)
123 {
124 _identityService = identityService;
125 }
126
127
128
129
130
131
132
133
134
135 public void setLoginModuleName (String name)
136 {
137 _loginModuleName = name;
138 }
139
140
141
142 public void setCallbackHandlerClass (String classname)
143 {
144 _callbackHandlerClass = classname;
145 }
146
147
148 public void setRoleClassNames (String[] classnames)
149 {
150 ArrayList<String> tmp = new ArrayList<String>();
151
152 if (classnames != null)
153 tmp.addAll(Arrays.asList(classnames));
154
155 if (!tmp.contains(DEFAULT_ROLE_CLASS_NAME))
156 tmp.add(DEFAULT_ROLE_CLASS_NAME);
157 _roleClassNames = tmp.toArray(new String[tmp.size()]);
158 }
159
160
161 public String[] getRoleClassNames()
162 {
163 return _roleClassNames;
164 }
165
166
167
168
169
170 protected void doStart() throws Exception
171 {
172 if (_identityService==null)
173 _identityService=new DefaultIdentityService();
174 super.doStart();
175 }
176
177
178 public UserIdentity login(final String username,final Object credentials)
179 {
180 try
181 {
182 CallbackHandler callbackHandler = new CallbackHandler()
183 {
184
185 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
186 {
187 for (Callback callback: callbacks)
188 {
189 if (callback instanceof NameCallback)
190 {
191 ((NameCallback)callback).setName(username);
192 }
193 else if (callback instanceof PasswordCallback)
194 {
195 ((PasswordCallback)callback).setPassword((char[]) credentials.toString().toCharArray());
196 }
197 else if (callback instanceof ObjectCallback)
198 {
199 ((ObjectCallback)callback).setObject(credentials);
200 }
201 }
202 }
203 };
204
205
206 Subject subject = new Subject();
207 LoginContext loginContext = new LoginContext(_loginModuleName, subject, callbackHandler);
208
209 loginContext.login();
210
211
212 JAASUserPrincipal userPrincipal = new JAASUserPrincipal(getUserName(callbackHandler), subject, loginContext);
213 subject.getPrincipals().add(userPrincipal);
214
215 return _identityService.newUserIdentity(subject,userPrincipal,getGroups(subject));
216 }
217 catch (LoginException e)
218 {
219 Log.warn(e);
220 }
221 catch (IOException e)
222 {
223 Log.warn(e);
224 }
225 catch (UnsupportedCallbackException e)
226 {
227 Log.warn(e);
228 }
229 return null;
230 }
231
232
233 private String getUserName(CallbackHandler callbackHandler) throws IOException, UnsupportedCallbackException
234 {
235 NameCallback nameCallback = new NameCallback("foo");
236 callbackHandler.handle(new Callback[] {nameCallback});
237 return nameCallback.getName();
238 }
239
240
241 public void logout(UserIdentity user)
242 {
243 Set<JAASUserPrincipal> userPrincipals = user.getSubject().getPrincipals(JAASUserPrincipal.class);
244 LoginContext loginContext = userPrincipals.iterator().next().getLoginContext();
245 try
246 {
247 loginContext.logout();
248 }
249 catch (LoginException e)
250 {
251 Log.warn(e);
252 }
253 }
254
255
256
257 private String[] getGroups (Subject subject)
258 {
259
260 String[] roleClassNames = getRoleClassNames();
261 Collection<String> groups = new LinkedHashSet<String>();
262 try
263 {
264 for (String roleClassName : roleClassNames)
265 {
266 Class load_class = Thread.currentThread().getContextClassLoader().loadClass(roleClassName);
267 Set<Principal> rolesForType = subject.getPrincipals(load_class);
268 for (Principal principal : rolesForType)
269 {
270 groups.add(principal.getName());
271 }
272 }
273
274 return groups.toArray(new String[groups.size()]);
275 }
276 catch (ClassNotFoundException e)
277 {
278 throw new RuntimeException(e);
279 }
280 }
281
282 }