JaspiAuthenticator xref

View Javadoc

1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.jaspi;
15  
16  import java.security.Principal;
17  import java.util.Map;
18  import java.util.Set;        
19  
20  import javax.security.auth.Subject;
21  import javax.security.auth.message.AuthException;
22  import javax.security.auth.message.AuthStatus;
23  import javax.security.auth.message.callback.CallerPrincipalCallback;
24  import javax.security.auth.message.callback.GroupPrincipalCallback;
25  import javax.security.auth.message.config.ServerAuthConfig;
26  import javax.security.auth.message.config.ServerAuthContext;
27  import javax.servlet.ServletRequest;
28  import javax.servlet.ServletResponse;
29  
30  import org.eclipse.jetty.security.Authenticator;
31  import org.eclipse.jetty.security.UserAuthentication;
32  import org.eclipse.jetty.security.ServerAuthException;
33  import org.eclipse.jetty.security.IdentityService;
34  import org.eclipse.jetty.security.authentication.DeferredAuthentication;
35  import org.eclipse.jetty.server.Authentication;
36  import org.eclipse.jetty.server.UserIdentity;
37  import org.eclipse.jetty.server.Authentication.User;
38  
39  /**
40   * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
41   */
42  public class JaspiAuthenticator implements Authenticator
43  {
44      private final ServerAuthConfig _authConfig;
45      private final Map _authProperties;
46      private final ServletCallbackHandler _callbackHandler;
47      private final Subject _serviceSubject;
48      private final boolean _allowLazyAuthentication;
49      private final IdentityService _identityService;
50      private final DeferredAuthentication _deferred;
51  
52      public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler,
53                                Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService)
54      {
55          // TODO maybe pass this in via setConfiguration ?
56          if (callbackHandler == null)
57              throw new NullPointerException("No CallbackHandler");
58          if (authConfig == null)
59              throw new NullPointerException("No AuthConfig");
60          this._authConfig = authConfig;
61          this._authProperties = authProperties;
62          this._callbackHandler = callbackHandler;
63          this._serviceSubject = serviceSubject;
64          this._allowLazyAuthentication = allowLazyAuthentication;
65          this._identityService = identityService;
66          this._deferred=new DeferredAuthentication(this);
67      }
68  
69  
70      public void setConfiguration(Configuration configuration)
71      {
72      }
73      
74      
75      public String getAuthMethod()
76      {
77          return "JASPI";
78      }
79  
80      public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
81      {
82          if (_allowLazyAuthentication && !mandatory)
83              return _deferred;
84          
85          JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
86          request.setAttribute("org.eclipse.jetty.security.jaspi.info",info);
87          return validateRequest(info);
88      }
89  
90      // most likely validatedUser is not needed here.
91      public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
92      {
93          JaspiMessageInfo info = (JaspiMessageInfo)req.getAttribute("org.eclipse.jetty.security.jaspi.info");
94          if (info==null) throw new NullPointerException("MeesageInfo from request missing: " + req);
95          return secureResponse(info,validatedUser);
96      }
97      
98      public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
99      {
100         try
101         {
102             String authContextId = _authConfig.getAuthContextID(messageInfo);
103             ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
104             Subject clientSubject = new Subject();
105 
106             AuthStatus authStatus = authContext.validateRequest(messageInfo,clientSubject,_serviceSubject);
107 //            String authMethod = (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
108 
109             if (authStatus == AuthStatus.SEND_CONTINUE)
110                 return Authentication.SEND_CONTINUE;
111             if (authStatus == AuthStatus.SEND_FAILURE)
112                 return Authentication.SEND_FAILURE;
113             
114             if (authStatus == AuthStatus.SUCCESS)
115             {
116             Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
117                 UserIdentity userIdentity;
118                 if (ids.size() > 0) {
119                     userIdentity = ids.iterator().next();
120 //                    return new FormAuthenticator.FormAuthentication(this,ids.iterator().next());
121                 } else {
122                     CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
123                     if (principalCallback == null) throw new NullPointerException("No CallerPrincipalCallback");
124                     Principal principal = principalCallback.getPrincipal();
125                     if (principal == null) {
126                         String principalName = principalCallback.getName();
127                         Set<Principal> principals = principalCallback.getSubject().getPrincipals();
128                         for (Principal p: principals)
129                         {
130                             if (p.getName().equals(principalName))
131                             {
132                                 principal = p;
133                                 break;
134                             }
135                         }
136                         if (principal == null)
137                         {
138                             return Authentication.UNAUTHENTICATED;
139                         }
140                     }
141                     GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
142                     String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
143                     userIdentity = _identityService.newUserIdentity(clientSubject, principal, groups);
144                 }
145                 return new UserAuthentication(this, userIdentity);
146             }
147             if (authStatus == AuthStatus.SEND_SUCCESS)
148             {
149                 //we are processing a message in a secureResponse dialog.
150                 return Authentication.SEND_SUCCESS;
151             }
152             //should not happen
153             throw new NullPointerException("No AuthStatus returned");
154         }
155         catch (AuthException e)
156         {
157             throw new ServerAuthException(e);
158         }
159     }
160 
161     public boolean secureResponse(JaspiMessageInfo messageInfo, Authentication validatedUser) throws ServerAuthException
162     {
163         try
164         {
165             String authContextId = _authConfig.getAuthContextID(messageInfo);
166             ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
167             // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
168             AuthStatus status = authContext.secureResponse(messageInfo,_serviceSubject);
169             return (AuthStatus.SEND_SUCCESS.equals(status));
170         }
171         catch (AuthException e)
172         {
173             throw new ServerAuthException(e);
174         }
175     }
176 
177 }