14 package org.eclipse.jetty.security.jaspi.modules;
15
16 import java.io.IOException;
17 import java.util.Map;
18 import java.util.Set;
19
20 import javax.security.auth.Subject;
21 import javax.security.auth.callback.Callback;
22 import javax.security.auth.callback.CallbackHandler;
23 import javax.security.auth.callback.UnsupportedCallbackException;
24 import javax.security.auth.message.AuthException;
25 import javax.security.auth.message.AuthStatus;
26 import javax.security.auth.message.MessageInfo;
27 import javax.security.auth.message.MessagePolicy;
28 import javax.security.auth.message.callback.CallerPrincipalCallback;
29 import javax.security.auth.message.callback.GroupPrincipalCallback;
30 import javax.security.auth.message.config.ServerAuthContext;
31 import javax.security.auth.message.module.ServerAuthModule;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34
35 import org.eclipse.jetty.http.security.Credential;
36 import org.eclipse.jetty.http.security.Password;
37 import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
38 import org.eclipse.jetty.security.jaspi.JaspiMessageInfo;
39 import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
40 import org.eclipse.jetty.util.B64Code;
41 import org.eclipse.jetty.util.StringUtil;
42
43
44
45
46
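/**
 * Base class for JASPI server authentication modules handling HTTP servlet messages.
 *
 * <p>It stores the {@link CallbackHandler} supplied by the container and provides
 * {@code login} helpers that validate a username/credential pair through that handler.
 * {@link #validateRequest} always returns {@link AuthStatus#FAILURE} here, so the class
 * denies by default; a concrete module is presumably expected to override it.
 *
 * <p>The raw {@code Class[]} and {@code Map} types are kept as-is because they appear in
 * the signatures this class implements.
 */
public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
{
    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[] { HttpServletRequest.class, HttpServletResponse.class };

    protected static final String LOGIN_SERVICE_KEY = "org.eclipse.jetty.security.jaspi.modules.LoginService";

    /** Handler used for credential validation and principal callbacks; null until set. */
    protected CallbackHandler callbackHandler;

    /**
     * Returns the message types this module supports.
     *
     * @return a fresh array holding {@code HttpServletRequest.class} and
     *         {@code HttpServletResponse.class}
     */
    public Class[] getSupportedMessageTypes()
    {
        // Hand out a copy: the backing array is static and shared by every module
        // instance, so a caller writing into it would change the answer for all of them.
        return SUPPORTED_MESSAGE_TYPES.clone();
    }

    /**
     * Creates a module without a callback handler. {@link #initialize} (or a subclass)
     * must set one before either {@code login} method is used.
     */
    public BaseAuthModule()
    {
    }

    /**
     * Creates a module that uses the given callback handler.
     *
     * @param callbackHandler handler used to validate credentials and publish principals
     */
    public BaseAuthModule(CallbackHandler callbackHandler)
    {
        this.callbackHandler = callbackHandler;
    }

    /**
     * Stores the container-supplied callback handler, replacing any handler set earlier.
     * The policies and options are not read by this base implementation.
     *
     * @param requestPolicy  ignored here
     * @param responsePolicy ignored here
     * @param handler        handler used for all subsequent callbacks
     * @param options        ignored here
     * @throws AuthException never thrown by this implementation
     */
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException
    {
        this.callbackHandler = handler;
    }

    /**
     * Does nothing in this base implementation.
     *
     * @param messageInfo ignored here
     * @param subject     left unmodified
     * @throws AuthException never thrown by this implementation
     */
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
    {
        // NOTE(review): nothing is removed from the subject. Whatever was attached to it
        // during authentication (the login path below reads LoginCallbackImpl instances
        // from its private credentials) stays in place after this call. Confirm that the
        // subject is not reused, or clear it in the concrete module.
    }

    /**
     * Accepts every response without modification.
     *
     * @return always {@link AuthStatus#SUCCESS}
     * @throws AuthException never thrown by this implementation
     */
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
    {
        return AuthStatus.SUCCESS;
    }

    /**
     * Rejects every request: the base class authenticates nobody.
     *
     * @return always {@link AuthStatus#FAILURE}
     * @throws AuthException never thrown by this implementation
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
    {
        return AuthStatus.FAILURE;
    }

    /**
     * Tells whether the message is flagged as requiring authentication.
     *
     * @param messageInfo message whose map is consulted under
     *                    {@code JaspiMessageInfo.MANDATORY_KEY}
     * @return {@code true} only if the stored string equals "true" ignoring case;
     *         {@code false} when the key is absent
     */
    protected boolean isMandatory(MessageInfo messageInfo)
    {
        String mandatory = (String) messageInfo.getMap().get(JaspiMessageInfo.MANDATORY_KEY);
        // parseBoolean treats null as false, so an absent key means "not mandatory".
        return Boolean.parseBoolean(mandatory);
    }

    /**
     * Decodes an encoded {@code user:password} credential string and attempts a login.
     *
     * <p>Everything up to and including the first space is discarded, the remainder is
     * Base64-decoded as ISO-8859-1 and split at the first colon. The input comes from
     * the client, so malformed values are rejected instead of being allowed to raise an
     * unchecked exception out of the authentication path.
     *
     * @param clientSubject subject to populate on success
     * @param credentials   encoded credentials, optionally preceded by a scheme and a space
     * @param authMethod    value recorded under {@code JaspiMessageInfo.AUTH_METHOD_KEY} on success
     * @param messageInfo   message whose map receives the auth method
     * @return {@code true} if the credentials were validated; {@code false} if they were
     *         missing, had no {@code ':'} separator, or failed validation
     * @throws IOException                  propagated from the callback handler
     * @throws UnsupportedCallbackException propagated from the callback handler
     */
    protected boolean login(Subject clientSubject, String credentials,
                            String authMethod, MessageInfo messageInfo)
        throws IOException, UnsupportedCallbackException
    {
        if (credentials == null)
            return false;

        credentials = credentials.substring(credentials.indexOf(' ') + 1);
        // NOTE(review): how B64Code.decode reacts to input that is not valid Base64 is
        // not visible here; confirm that it cannot throw past the caller.
        credentials = B64Code.decode(credentials, StringUtil.__ISO_8859_1);

        int i = credentials.indexOf(':');
        // Without a separator there is no user/password pair; substring(0, -1) would
        // throw StringIndexOutOfBoundsException, so treat it as a failed login.
        if (i < 0)
            return false;

        String userName = credentials.substring(0, i);
        String password = credentials.substring(i + 1);
        // The clear-text password must not be logged or placed in exception messages.
        return login(clientSubject, userName, new Password(password), authMethod, messageInfo);
    }

    /**
     * Validates a username/credential pair through the callback handler and, on success,
     * publishes the caller and group principals and records the authentication method.
     *
     * @param clientSubject subject passed to the callbacks
     * @param username      name to validate
     * @param credential    credential to validate
     * @param authMethod    value stored under {@code JaspiMessageInfo.AUTH_METHOD_KEY} on success
     * @param messageInfo   message whose map receives the auth method
     * @return the result reported by the credential validation callback
     * @throws IOException                  propagated from the callback handler
     * @throws UnsupportedCallbackException propagated from the callback handler
     */
    protected boolean login(Subject clientSubject, String username,
                            Credential credential, String authMethod,
                            MessageInfo messageInfo)
        throws IOException, UnsupportedCallbackException
    {
        // callbackHandler is null if the no-arg constructor was used and initialize()
        // has not run; the call below then fails with a NullPointerException.
        CredentialValidationCallback credValidationCallback = new CredentialValidationCallback(clientSubject, username, credential);
        callbackHandler.handle(new Callback[] { credValidationCallback });
        if (credValidationCallback.getResult())
        {
            Set<LoginCallbackImpl> loginCallbacks = clientSubject.getPrivateCredentials(LoginCallbackImpl.class);
            if (!loginCallbacks.isEmpty())
            {
                // Only the first LoginCallbackImpl found is used.
                LoginCallbackImpl loginCallback = loginCallbacks.iterator().next();
                CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, loginCallback.getUserPrincipal());
                GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, loginCallback.getRoles());
                callbackHandler.handle(new Callback[] { callerPrincipalCallback, groupPrincipalCallback });
            }
            // NOTE(review): when validation succeeds but the subject carries no
            // LoginCallbackImpl, the method still records the auth method and returns
            // true without any principal callback having been issued. Confirm that the
            // handler always adds one, or that callers tolerate a principal-less success.
            messageInfo.getMap().put(JaspiMessageInfo.AUTH_METHOD_KEY, authMethod);
        }
        return credValidationCallback.getResult();
    }
}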