1 package org.eclipse.jetty.security.authentication;
18 import java.io.IOException;
19
20 import javax.servlet.ServletRequest;
21 import javax.servlet.ServletResponse;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24
25 import org.eclipse.jetty.http.HttpHeaders;
26 import org.eclipse.jetty.http.security.Constraint;
27 import org.eclipse.jetty.security.ServerAuthException;
28 import org.eclipse.jetty.security.UserAuthentication;
29 import org.eclipse.jetty.server.Authentication;
30 import org.eclipse.jetty.server.Authentication.User;
31 import org.eclipse.jetty.server.UserIdentity;
32 import org.eclipse.jetty.util.log.Log;
33
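/**
 * Authenticator for the HTTP {@code Negotiate} (SPNEGO) scheme.
 *
 * <p>The class does not inspect or verify the token itself. It extracts the client-supplied
 * value from the {@code Authorization} header and hands it to {@code _loginService}, so the
 * security of the exchange rests entirely on that login service's validation.
 */
public class SpnegoAuthenticator extends LoginAuthenticator
{
    /**
     * Index at which the token starts inside the Authorization header value. This is the
     * offset the original code hard-coded; presumably it is the length of "Negotiate" plus a
     * single separator character (confirm against {@code HttpHeaders.NEGOTIATE}).
     */
    private static final int TOKEN_OFFSET = 10;

    /**
     * @return the auth method name for this authenticator, {@code Constraint.__SPNEGO_AUTH}
     */
    public String getAuthMethod()
    {
        return Constraint.__SPNEGO_AUTH;
    }

    /**
     * Validates a request against the Negotiate scheme.
     *
     * <ul>
     * <li>Not mandatory: returns the deferred authentication without looking at the header.</li>
     * <li>Mandatory, no Authorization header: sends a 401 with a {@code WWW-Authenticate}
     * challenge and returns {@code Authentication.SEND_CONTINUE} (or
     * {@code Authentication.UNAUTHENTICATED} if the response is a deferred one).</li>
     * <li>Mandatory, Negotiate header with a token: passes the token to the login service and
     * returns a {@link UserAuthentication} when a user identity comes back.</li>
     * <li>Anything else (other scheme, missing token, rejected token): returns
     * {@code Authentication.UNAUTHENTICATED} without issuing a new challenge.</li>
     * </ul>
     *
     * @param request the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return the resulting authentication state
     * @throws ServerAuthException if sending the challenge fails with an {@link IOException}
     */
    public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse)response;

        if (!mandatory)
        {
            return _deferred;
        }

        String header = req.getHeader(HttpHeaders.AUTHORIZATION);

        if (header == null)
        {
            try
            {
                if (_deferred.isDeferred(res))
                {
                    return Authentication.UNAUTHENTICATED;
                }

                Log.debug("SpengoAuthenticator: sending challenge");
                res.setHeader(HttpHeaders.WWW_AUTHENTICATE, HttpHeaders.NEGOTIATE);
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return Authentication.SEND_CONTINUE;
            }
            catch (IOException ioe)
            {
                throw new ServerAuthException(ioe);
            }
        }

        if (header.startsWith(HttpHeaders.NEGOTIATE))
        {
            // The header is attacker-controlled. A value that stops at or before the token
            // offset (for example the bare scheme name) used to reach substring() and raise
            // StringIndexOutOfBoundsException, or hand an empty token to the login service.
            // Reject it here instead.
            if (header.length() <= TOKEN_OFFSET)
            {
                // Deliberately log no header content: it is client-supplied credential material.
                Log.debug("SpnegoAuthenticator: Negotiate header carries no token");
                return Authentication.UNAUTHENTICATED;
            }

            // NOTE(review): the scheme is matched as a case-sensitive prefix and the character
            // at index 9 is not checked to be a separator; confirm whether stricter parsing is
            // wanted before the token reaches the login service.
            String spnegoToken = header.substring(TOKEN_OFFSET);

            // No user name is available at this point; the login service receives only the token.
            UserIdentity user = _loginService.login(null,spnegoToken);

            if (user != null)
            {
                return new UserAuthentication(getAuthMethod(),user);
            }
        }

        return Authentication.UNAUTHENTICATED;
    }

    /**
     * Performs no post-processing: the response is left untouched.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}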