1 // ========================================================================
2 // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // All rights reserved. This program and the accompanying materials
5 // are made available under the terms of the Eclipse Public License v1.0
6 // and Apache License v2.0 which accompanies this distribution.
7 // The Eclipse Public License is available at
8 // http://www.eclipse.org/legal/epl-v10.html
9 // The Apache License v2.0 is available at
10 // http://www.opensource.org/licenses/apache2.0.php
11 // You may elect to redistribute this code under either of these licenses.
12 // ========================================================================
13
14 package org.eclipse.jetty.security;
15
16 import javax.servlet.ServletContext;
17
18 import org.eclipse.jetty.http.security.Constraint;
19 import org.eclipse.jetty.security.Authenticator.Configuration;
20 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
21 import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
22 import org.eclipse.jetty.security.authentication.DigestAuthenticator;
23 import org.eclipse.jetty.security.authentication.FormAuthenticator;
24 import org.eclipse.jetty.server.Server;
25
26 /* ------------------------------------------------------------ */
27 /**
28 * The Default Authenticator Factory.
29 * Uses the {@link Configuration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
30 * <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li>
31 * <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li>
32 * <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li>
33 * <li>{@link org.eclipse.jetty.security.authentication.ClientCertAuthenticator}</li>
34 * </ul>
35 * All authenticators derived from {@link org.eclipse.jetty.security.authentication.LoginAuthenticator} are
36 * wrapped with a {@link org.eclipse.jetty.security.authentication.DeferredAuthentication}
37 * instance, which is used if authentication is not mandatory.
38 *
39 * The Authentications from the {@link org.eclipse.jetty.security.authentication.FormAuthenticator} are always wrapped in a
40 * {@link org.eclipse.jetty.security.authentication.SessionAuthentication}
41 * <p>
42 * If a {@link LoginService} has not been set on this factory, then
43 * the service is selected by searching the {@link Server#getBeans(Class)} results for
44 * a service that matches the realm name, else the first LoginService found is used.
45 *
46 */
47 public class DefaultAuthenticatorFactory implements Authenticator.Factory
48 {
49 LoginService _loginService;
50
51 public Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService)
52 {
53 String auth=configuration.getAuthMethod();
54 Authenticator authenticator=null;
55
56 if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
57 authenticator=new BasicAuthenticator();
58 else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
59 authenticator=new DigestAuthenticator();
60 else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth))
61 authenticator=new FormAuthenticator();
62 if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth))
63 authenticator=new ClientCertAuthenticator();
64
65 return authenticator;
66 }
67
68 /* ------------------------------------------------------------ */
69 /**
70 * @return the loginService
71 */
72 public LoginService getLoginService()
73 {
74 return _loginService;
75 }
76
77 /* ------------------------------------------------------------ */
78 /**
79 * @param loginService the loginService to set
80 */
81 public void setLoginService(LoginService loginService)
82 {
83 _loginService = loginService;
84 }
85
86 }