14 package org.eclipse.jetty.security.jaspi;
15
16 import java.io.IOException;
17
18 import javax.security.auth.Subject;
19 import javax.security.auth.callback.Callback;
20 import javax.security.auth.callback.CallbackHandler;
21 import javax.security.auth.callback.UnsupportedCallbackException;
22 import javax.security.auth.message.callback.CallerPrincipalCallback;
23 import javax.security.auth.message.callback.CertStoreCallback;
24 import javax.security.auth.message.callback.GroupPrincipalCallback;
25 import javax.security.auth.message.callback.PasswordValidationCallback;
26 import javax.security.auth.message.callback.PrivateKeyCallback;
27 import javax.security.auth.message.callback.SecretKeyCallback;
28 import javax.security.auth.message.callback.TrustStoreCallback;
29
30 import org.eclipse.jetty.security.LoginService;
31 import org.eclipse.jetty.security.authentication.LoginCallback;
32 import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
33 import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
34 import org.eclipse.jetty.server.UserIdentity;
35
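/**
 * JASPI {@link CallbackHandler} that validates credentials against a Jetty
 * {@link LoginService} and keeps the caller/group principal callbacks supplied by an
 * auth module so the container side can collect them afterwards.
 *
 * <p>The principal callbacks are parked in per-thread slots by {@link #handle(Callback[])}
 * and are only cleared by {@link #getThreadCallerPrincipalCallback()} and
 * {@link #getThreadGroupPrincipalCallback()}. A caller must therefore drain both getters
 * after every authentication attempt, including attempts that fail or throw; otherwise a
 * callback stays attached to the thread and would be returned to whichever request drains
 * the slot next on that thread (relevant when threads are pooled).
 */
public class ServletCallbackHandler implements CallbackHandler
{
    private final LoginService _loginService;

    // Per-thread hand-off slots: written by handle(), read-and-cleared by the getters.
    private final ThreadLocal<CallerPrincipalCallback> _callerPrincipals = new ThreadLocal<CallerPrincipalCallback>();
    private final ThreadLocal<GroupPrincipalCallback> _groupPrincipals = new ThreadLocal<GroupPrincipalCallback>();

    /**
     * @param loginService the service every username/credential pair is checked against
     */
    public ServletCallbackHandler(LoginService loginService)
    {
        _loginService = loginService;
    }

    /**
     * Processes each callback in order.
     *
     * <ul>
     * <li>Caller and group principal callbacks are stored for the current thread.</li>
     * <li>Password and credential validation callbacks are checked with
     * {@link LoginService#login}; the result is always written back (true or false), and on
     * success the callback's subject receives the user's principals plus the
     * {@link UserIdentity} as a private credential.</li>
     * <li>Cert store, private key, secret key and trust store callbacks are accepted but left
     * unpopulated.</li>
     * </ul>
     *
     * @param callbacks the callbacks handed over by the auth module
     * @throws IOException declared by {@link CallbackHandler}; not raised by this method itself
     * @throws UnsupportedCallbackException for any callback type not listed above
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (Callback callback : callbacks)
        {
            if (callback instanceof CallerPrincipalCallback)
            {
                _callerPrincipals.set((CallerPrincipalCallback) callback);
            }
            else if (callback instanceof GroupPrincipalCallback)
            {
                _groupPrincipals.set((GroupPrincipalCallback) callback);
            }
            else if (callback instanceof PasswordValidationCallback)
            {
                PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;

                // NOTE(review): getPassword() hands a char[] to login(); confirm the configured
                // LoginService's credential check accepts char[] and not only String.
                UserIdentity user = _loginService.login(passwordCallback.getUsername(), passwordCallback.getPassword());

                if (user == null)
                {
                    // Fail closed: write the negative result explicitly so a callback object
                    // that already carried a positive result cannot keep it after a failed login.
                    passwordCallback.setResult(false);
                }
                else
                {
                    // Populate the subject before reporting success, so an exception while
                    // copying principals never leaves the callback marked as validated.
                    addIdentity(passwordCallback.getSubject(), user);
                    passwordCallback.setResult(true);
                }
            }
            else if (callback instanceof CredentialValidationCallback)
            {
                CredentialValidationCallback credentialCallback = (CredentialValidationCallback) callback;

                UserIdentity user = _loginService.login(credentialCallback.getUsername(), credentialCallback.getCredential());

                if (user == null)
                {
                    // Same fail-closed handling as the password branch.
                    credentialCallback.setResult(false);
                }
                else
                {
                    addIdentity(credentialCallback.getSubject(), user);
                    credentialCallback.setResult(true);
                }
            }
            else if (callback instanceof CertStoreCallback
                || callback instanceof PrivateKeyCallback
                || callback instanceof SecretKeyCallback
                || callback instanceof TrustStoreCallback)
            {
                // Accepted but not serviced: the callback goes back to the module unpopulated
                // and no exception is raised.
                // NOTE(review): a module that relies on these for key or trust material gets
                // nothing back; confirm that modules deployed with this handler tolerate that.
            }
            else
            {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    /**
     * Returns the caller principal callback stored for the current thread and clears the slot.
     *
     * @return the stored callback, or {@code null} if none was stored on this thread
     */
    public CallerPrincipalCallback getThreadCallerPrincipalCallback()
    {
        CallerPrincipalCallback callerPrincipalCallback = _callerPrincipals.get();
        // Clear on read so the value cannot be observed a second time on this thread.
        _callerPrincipals.remove();
        return callerPrincipalCallback;
    }

    /**
     * Returns the group principal callback stored for the current thread and clears the slot.
     *
     * @return the stored callback, or {@code null} if none was stored on this thread
     */
    public GroupPrincipalCallback getThreadGroupPrincipalCallback()
    {
        GroupPrincipalCallback groupPrincipalCallback = _groupPrincipals.get();
        // Clear on read so the value cannot be observed a second time on this thread.
        _groupPrincipals.remove();
        return groupPrincipalCallback;
    }

    /** Copies the authenticated user's principals into the subject and attaches the identity. */
    private static void addIdentity(Subject subject, UserIdentity user)
    {
        subject.getPrincipals().addAll(user.getSubject().getPrincipals());
        subject.getPrivateCredentials().add(user);
    }
}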