
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.jaspi;
15  
16  import java.security.Principal;
17  import java.util.HashMap;
18  import java.util.List;
19  import java.util.Map;
20  import java.util.Set;
21  
22  import javax.security.auth.Subject;
23  import javax.security.auth.message.AuthException;
24  import javax.security.auth.message.config.AuthConfigFactory;
25  import javax.security.auth.message.config.AuthConfigProvider;
26  import javax.security.auth.message.config.RegistrationListener;
27  import javax.security.auth.message.config.ServerAuthConfig;
28  import javax.servlet.ServletContext;
29  
30  import org.eclipse.jetty.security.Authenticator;
31  import org.eclipse.jetty.security.DefaultAuthenticatorFactory;
32  import org.eclipse.jetty.security.IdentityService;
33  import org.eclipse.jetty.security.LoginService;
34  import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
35  import org.eclipse.jetty.server.Server;
36  import org.eclipse.jetty.util.log.Log;
37  import org.eclipse.jetty.util.log.Logger;
38  
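/**
 * Authenticator factory that builds a {@link JaspiAuthenticator} from the
 * JASPI (JSR 196) configuration registered with the {@link AuthConfigFactory}.
 * <p>
 * The provider is looked up under the message layer {@code "HTTP"} and an
 * application context id of the form {@code "<serverName> <contextPath>"}.
 * When no provider or no {@link ServerAuthConfig} is available,
 * {@link #getAuthenticator} returns {@code null}; it does not fall back to
 * the authenticators of the superclass.
 */
public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
{
    private static final Logger LOG = Log.getLogger(JaspiAuthenticatorFactory.class);

    // Message layer id used for every AuthConfigFactory lookup in this class.
    // Declared final so the lookup key cannot be reassigned at runtime.
    private static final String MESSAGE_LAYER = "HTTP";
    
    // Explicitly configured service subject; when null, findServiceSubject() searches the server beans.
    private Subject _serviceSubject;
    // Explicitly configured server name; when null, findServerName() derives one.
    private String _serverName;
    

    /* ------------------------------------------------------------ */
    /**
     * @return the serviceSubject set with {@link #setServiceSubject(Subject)}, or null if none was set.
     *         The stored reference itself is returned, not a copy.
     */
    public Subject getServiceSubject()
    {
        return _serviceSubject;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param serviceSubject the serviceSubject to set; takes precedence over any
     *        Subject bean found on the server
     */
    public void setServiceSubject(Subject serviceSubject)
    {
        _serviceSubject = serviceSubject;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the serverName set with {@link #setServerName(String)}, or null if none was set
     */
    public String getServerName()
    {
        return _serverName;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param serverName the serverName to set; it becomes the first half of the
     *        application context id used to look up the JASPI provider
     */
    public void setServerName(String serverName)
    {
        _serverName = serverName;
    }

    /* ------------------------------------------------------------ */
    /**
     * Build a {@link JaspiAuthenticator} for the given context, if a JASPI
     * provider is registered for it.
     * <p>
     * Returns {@code null} in three cases: no {@link AuthConfigProvider} is
     * registered for the layer and application context, the provider returns
     * no {@link ServerAuthConfig}, or the lookup throws an
     * {@link AuthException} (which is logged at warn level and not rethrown).
     * NOTE(review): a null return must leave the context without access to
     * protected resources rather than unauthenticated access; confirm how the
     * calling security handler treats null.
     *
     * @param server used to find a service Subject and server name when none were set explicitly
     * @param context its context path forms the second half of the application context id
     * @param configuration its init parameters are copied into the property map given to the authenticator
     * @param identityService passed through to the {@link JaspiAuthenticator}
     * @param loginService wrapped in the {@link ServletCallbackHandler} given to the provider
     * @return the authenticator, or null if none could be configured
     */
    public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
    {
        Authenticator authenticator=null;
        try 
        {
            AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
            // No-op listener: a later change to the provider registration is not
            // acted on here, so an authenticator already returned keeps the
            // ServerAuthConfig it was built with.
            RegistrationListener listener = new RegistrationListener()
            {
                public void notify(String layer, String appContext)
                {}
            };

            Subject serviceSubject=findServiceSubject(server);
            String serverName=findServerName(server,serviceSubject);
            
            // The lookup key must match the key the provider was registered under;
            // a mismatch in server name or context path yields no provider and a null result.
            String appContext = serverName + " " + context.getContextPath();
            AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER,appContext,listener);
            if (authConfigProvider != null)
            {
                ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
                ServerAuthConfig serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER,appContext,servletCallbackHandler);
                if (serverAuthConfig != null)
                {
                    // Raw Map kept on purpose: the parameter type of the
                    // JaspiAuthenticator constructor is not visible from this file.
                    Map map = new HashMap();
                    for (String key : configuration.getInitParameterNames())
                        map.put(key,configuration.getInitParameter(key));
                    // NOTE(review): the boolean argument is presumably the
                    // allow-lazy-authentication flag; confirm against the
                    // JaspiAuthenticator constructor.
                    authenticator= new JaspiAuthenticator(serverAuthConfig,map,servletCallbackHandler,
                                serviceSubject,true, identityService);
                }
            }
        } 
        catch (AuthException e) 
        {
            // Configuration failure is reported but not propagated; the caller sees only null.
            LOG.warn(e);
        }
        return authenticator;
    }

    /* ------------------------------------------------------------ */
    /** Find a service Subject.
     * If {@link #setServiceSubject(Subject)} has not been used to 
     * set a subject, then the {@link Server#getBeans(Class)} method is
     * used to look for a Subject. When several Subject beans are present,
     * the first one in the returned list is used.
     *
     * @param server the server whose beans are searched
     * @return the service subject, or null if none is set and none is found
     */
    protected Subject findServiceSubject(Server server)
    {
        if (_serviceSubject!=null)
            return _serviceSubject;
        List<?> subjects = server.getBeans(Subject.class);
        if (!subjects.isEmpty())
            return (Subject)subjects.get(0);
        return null;
    }

    /* ------------------------------------------------------------ */
    /** Find a server name.
     * If {@link #setServerName(String)} has not been called, then
     * use the name of a principal in the service subject: the first one
     * returned by the principal set's iterator. If the subject holds
     * several principals, set the server name explicitly so that the
     * application context id does not depend on iteration order.
     * If not found, return "server".
     *
     * @param server not used by this implementation
     * @param subject the service subject, may be null
     * @return the server name, never null unless the chosen principal's name is null
     */
    protected String findServerName(Server server, Subject subject)
    {
        if (_serverName!=null)
            return _serverName;
        if (subject!=null)
        {
            Set<Principal> principals = subject.getPrincipals();
            if (principals!=null && !principals.isEmpty())
                return principals.iterator().next().getName();
        }
        
        return "server";
    }
}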