1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 package org.eclipse.jetty.security;
16
17 import java.io.IOException;
18 import java.io.Serializable;
19 import java.security.Principal;
20 import java.util.Map;
21 import java.util.concurrent.ConcurrentHashMap;
22 import java.util.concurrent.ConcurrentMap;
23
24 import javax.security.auth.Subject;
25
26 import org.eclipse.jetty.http.security.Credential;
27 import org.eclipse.jetty.server.UserIdentity;
28 import org.eclipse.jetty.util.component.AbstractLifeCycle;
29 import org.eclipse.jetty.util.log.Log;
30
31
32
33
34
35
36
37
38
39 public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService
40 {
41 protected IdentityService _identityService=new DefaultIdentityService();
42 protected String _name;
43 protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>();
44
45
46 protected MappedLoginService()
47 {
48 }
49
50
51
52
53
54 public String getName()
55 {
56 return _name;
57 }
58
59
60
61
62
63 public IdentityService getIdentityService()
64 {
65 return _identityService;
66 }
67
68
69
70
71
72 public ConcurrentMap<String, UserIdentity> getUsers()
73 {
74 return _users;
75 }
76
77
78
79
80
81 public void setIdentityService(IdentityService identityService)
82 {
83 if (isRunning())
84 throw new IllegalStateException("Running");
85 _identityService = identityService;
86 }
87
88
89
90
91
92 public void setName(String name)
93 {
94 if (isRunning())
95 throw new IllegalStateException("Running");
96 _name = name;
97 }
98
99
100
101
102
103 public void setUsers(Map<String, UserIdentity> users)
104 {
105 if (isRunning())
106 throw new IllegalStateException("Running");
107 _users.clear();
108 _users.putAll(users);
109 }
110
111
112
113
114
115 @Override
116 protected void doStart() throws Exception
117 {
118 loadUsers();
119 super.doStart();
120 }
121
122
123 @Override
124 protected void doStop() throws Exception
125 {
126 super.doStop();
127 }
128
129
130 public void logout(UserIdentity identity)
131 {
132 Log.debug("logout {}",identity);
133 }
134
135
136 @Override
137 public String toString()
138 {
139 return this.getClass().getSimpleName()+"["+_name+"]";
140 }
141
142
143
144
145
146
147
148
149
150 protected synchronized UserIdentity putUser(String userName, Object info)
151 {
152 final UserIdentity identity;
153 if (info instanceof UserIdentity)
154 identity=(UserIdentity)info;
155 else
156 {
157 Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString());
158
159 Principal userPrincipal = new KnownUser(userName,credential);
160 Subject subject = new Subject();
161 subject.getPrincipals().add(userPrincipal);
162 subject.getPrivateCredentials().add(credential);
163 subject.setReadOnly();
164 identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES);
165 }
166
167 _users.put(userName,identity);
168 return identity;
169 }
170
171
172
173
174
175
176
177
178 public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles)
179 {
180 Principal userPrincipal = new KnownUser(userName,credential);
181 Subject subject = new Subject();
182 subject.getPrincipals().add(userPrincipal);
183 subject.getPrivateCredentials().add(credential);
184
185 if (roles!=null)
186 for (String role : roles)
187 subject.getPrincipals().add(new RolePrincipal(role));
188
189 subject.setReadOnly();
190 UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
191 _users.put(userName,identity);
192 return identity;
193 }
194
195
196 public void removeUser(String username)
197 {
198 _users.remove(username);
199 }
200
201
202
203
204
205 public UserIdentity login(String username, Object credentials)
206 {
207 UserIdentity user = _users.get(username);
208
209 if (user==null)
210 user = loadUser(username);
211
212 if (user!=null)
213 {
214 UserPrincipal principal = (UserPrincipal)user.getUserPrincipal();
215 if (principal.authenticate(credentials))
216 return user;
217 }
218 return null;
219 }
220
221
222 public boolean validate(UserIdentity user)
223 {
224 if (_users.containsKey(user.getUserPrincipal().getName()))
225 return true;
226
227 if (loadUser(user.getUserPrincipal().getName())!=null)
228 return true;
229
230 return false;
231 }
232
233
234 protected abstract UserIdentity loadUser(String username);
235
236
237 protected abstract void loadUsers() throws IOException;
238
239
240
241
242
243 public interface UserPrincipal extends Principal,Serializable
244 {
245 boolean authenticate(Object credentials);
246 public boolean isAuthenticated();
247 }
248
249
250
251
252 public static class RolePrincipal implements Principal,Serializable
253 {
254 private static final long serialVersionUID = 2998397924051854402L;
255 private final String _roleName;
256 public RolePrincipal(String name)
257 {
258 _roleName=name;
259 }
260 public String getName()
261 {
262 return _roleName;
263 }
264 }
265
266
267
268
269 public static class Anonymous implements UserPrincipal,Serializable
270 {
271 private static final long serialVersionUID = 1097640442553284845L;
272
273 public boolean isAuthenticated()
274 {
275 return false;
276 }
277
278 public String getName()
279 {
280 return "Anonymous";
281 }
282
283 public boolean authenticate(Object credentials)
284 {
285 return false;
286 }
287
288 }
289
290
291
292
293 public static class KnownUser implements UserPrincipal,Serializable
294 {
295 private static final long serialVersionUID = -6226920753748399662L;
296 private final String _name;
297 private final Credential _credential;
298
299
300 public KnownUser(String name,Credential credential)
301 {
302 _name=name;
303 _credential=credential;
304 }
305
306
307 public boolean authenticate(Object credentials)
308 {
309 return _credential!=null && _credential.check(credentials);
310 }
311
312
313 public String getName()
314 {
315 return _name;
316 }
317
318
319 public boolean isAuthenticated()
320 {
321 return true;
322 }
323
324
325 @Override
326 public String toString()
327 {
328 return _name;
329 }
330 }
331 }
332