
1   package org.eclipse.jetty.security;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at 
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.opensource.org/licenses/apache2.0.php
14  //
15  //You may elect to redistribute this code under either of these licenses. 
16  //========================================================================
17  
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.B64Code;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
34  
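/**
 * A {@link LoginService} that authenticates clients from a SPNEGO negotiate
 * token using JGSS.
 * <p>
 * The service reads one property, {@code targetName}, from the properties
 * file named by {@link #getConfig()}: the server principal whose
 * acceptor-only credential is used to validate the client's token. The
 * credentials passed to {@link #login(String, Object)} must be the
 * Base64-encoded token as a {@link String}; the user name argument is not
 * used because the token identifies the client.
 * <p>
 * Only a single acceptor round trip is supported: if the GSS context is not
 * established after the first token the login fails. The role granted to an
 * authenticated client is the realm part of its principal name (the text
 * after the first {@code '@'}), so every principal of a realm receives the
 * same role.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

    /**
     * SPNEGO mechanism OID (RFC 4178). This is the negotiation mechanism, not
     * the Kerberos mechanism OID; the acceptor unwraps Kerberos inside it.
     */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Builds the {@link UserIdentity} for an authenticated client; must be set before {@link #login}. */
    protected IdentityService _identityService;
    /** Name of this login service. */
    protected String _name;
    /** Location of the properties file that defines {@code targetName}. */
    private String _config;

    /** Server principal name read at start-up (typically of the form {@code HTTP/host@REALM}). */
    private String _targetName;

    public SpnegoLoginService()
    {
    }

    /**
     * @param name the name of this login service
     */
    public SpnegoLoginService(String name)
    {
        setName(name);
    }

    /**
     * @param name the name of this login service
     * @param config location of the properties file defining {@code targetName}
     */
    public SpnegoLoginService(String name, String config)
    {
        setName(name);
        setConfig(config);
    }

    public String getName()
    {
        return _name;
    }

    /**
     * @param name the name of this login service
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * @param config location of the properties file defining {@code targetName}
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }

        _config = config;
    }

    /**
     * Loads the properties file named by {@link #getConfig()} and reads
     * {@code targetName}.
     *
     * @throws IllegalStateException if no config was set, or the file does not
     *         define a non-empty {@code targetName}. Failing at start-up is
     *         preferable to a login service that cannot accept any token.
     * @throws Exception if the properties file cannot be read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set for SpnegoLoginService " + _name);
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        try
        {
            properties.load(in);
        }
        finally
        {
            // The stream was previously never closed.
            in.close();
        }

        _targetName = properties.getProperty("targetName");
        if (_targetName == null || _targetName.trim().length() == 0)
        {
            throw new IllegalStateException("No targetName defined in " + _config);
        }

        LOG.debug("Target Name {}", _targetName);

        super.doStart();
    }

    /**
     * Authenticates the SPNEGO token carried in {@code credentials}.
     * <p>
     * {@code username} is ignored: the client principal is taken from the
     * established GSS context. The single role granted is the realm part of
     * that principal (text after the first {@code '@'}; the whole name if
     * there is no {@code '@'}).
     *
     * @param username unused
     * @param credentials the Base64-encoded negotiate token as a {@link String}
     * @return the identity of the authenticated client, or {@code null} if the
     *         credentials are missing or not a String, the context could not be
     *         created or established in one round trip, or the token was rejected
     * @throws IllegalStateException if no {@link IdentityService} has been set
     */
    public UserIdentity login(String username, Object credentials)
    {
        if (!(credentials instanceof String))
        {
            // Previously a ClassCastException / NullPointerException; a missing
            // or malformed credential is simply an authentication failure.
            LOG.debug("SpnegoUserRealm: no negotiate token supplied");
            return null;
        }
        if (_identityService == null)
        {
            throw new IllegalStateException("No IdentityService set on SpnegoLoginService " + _name);
        }

        byte[] authToken = B64Code.decode((String)credentials);

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_OID);
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // One acceptor leg only. Kerberos-in-SPNEGO normally establishes the
            // context from the client's first token. The previous loop fed the
            // server's own output token back into acceptSecContext (or threw a
            // NullPointerException when the output was null), so a context that
            // still needs another round trip is treated as a failed login.
            byte[] outToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            if (!gContext.isEstablished())
            {
                LOG.debug("SpnegoUserRealm: context not established after first token; multi-leg negotiation is not supported");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            // The realm doubles as the default role. indexOf returns -1 when
            // there is no '@', so the whole principal name becomes the role.
            String role = clientName.substring(clientName.indexOf('@') + 1);

            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", clientName);
            LOG.debug("Server Principal is: {}", gContext.getTargName());
            LOG.debug("Client Default Role: {}", role);

            // outToken (possibly null) is the server's final token; presumably the
            // authenticator returns it to the client for mutual authentication.
            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, outToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            // A rejected token (e.g. wrong service principal, clock skew, a
            // non-Kerberos mechanism or corrupted data) is client-controlled input;
            // log one line at WARN and keep the stack trace at DEBUG so a flood of
            // bad tokens does not flood the log with traces.
            LOG.warn("SpnegoUserRealm: negotiation failed: " + gsse);
            LOG.debug(gsse);
        }
        finally
        {
            dispose(gContext, serverCreds);
        }

        return null;
    }

    /**
     * Releases the GSS context and acceptor credential of a login attempt;
     * previously both were left for the garbage collector.
     */
    private static void dispose(GSSContext context, GSSCredential credential)
    {
        if (context != null)
        {
            try
            {
                context.dispose();
            }
            catch (GSSException e)
            {
                LOG.ignore(e);
            }
        }
        if (credential != null)
        {
            try
            {
                credential.dispose();
            }
            catch (GSSException e)
            {
                LOG.ignore(e);
            }
        }
    }

    /**
     * Always returns {@code false}: this service keeps no record of the
     * identities it creates, so it cannot re-validate one.
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /**
     * No-op: nothing is cached per user, so there is nothing to release.
     */
    public void logout(UserIdentity user)
    {
    }

}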