1 package org.eclipse.jetty.security;
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.Subject;

import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.B64Code;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
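/**
 * A {@link LoginService} that authenticates clients with a SPNEGO token.
 * <p>
 * The credential passed to {@link #login(String, Object)} is the base64 encoded
 * token sent by the client; it is accepted against the GSS credentials of the
 * service principal named by the {@code targetName} property of the
 * configuration resource set with {@link #setConfig(String)}.
 * <p>
 * Only a single token exchange is supported: this service has no channel to
 * return an output token to the client, so a negotiation that would need a
 * further round trip is treated as a failed login.
 */
public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
{
    private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

    /** OID of the SPNEGO mechanism (1.3.6.1.5.5.2) that client tokens are accepted under. */
    private static final String SPNEGO_MECHANISM_OID = "1.3.6.1.5.5.2";

    protected IdentityService _identityService;
    protected String _name;
    private String _config;

    /** Service principal name, read from the {@code targetName} property at start. */
    private String _targetName;

    public SpnegoLoginService()
    {
    }

    /**
     * @param name the name of this login service
     */
    public SpnegoLoginService(String name)
    {
        setName(name);
    }

    /**
     * @param name the name of this login service
     * @param config location of the properties resource holding {@code targetName}
     */
    public SpnegoLoginService(String name, String config)
    {
        setName(name);
        setConfig(config);
    }

    public String getName()
    {
        return _name;
    }

    /**
     * @param name the name of this login service
     * @throws IllegalStateException if the service is already running
     */
    public void setName(String name)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }
        _name = name;
    }

    public String getConfig()
    {
        return _config;
    }

    /**
     * @param config location of the properties resource, resolved with
     *            {@link Resource#newResource(String)} when the service starts
     * @throws IllegalStateException if the service is already running
     */
    public void setConfig(String config)
    {
        if (isRunning())
        {
            throw new IllegalStateException("Running");
        }
        _config = config;
    }

    /**
     * Loads the configuration resource and reads the {@code targetName} property.
     *
     * @throws IllegalStateException if no configuration location has been set
     * @throws Exception if the resource cannot be resolved or read
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_config == null)
        {
            throw new IllegalStateException("No config set for SpnegoLoginService " + _name);
        }

        Properties properties = new Properties();
        Resource resource = Resource.newResource(_config);
        InputStream in = resource.getInputStream();
        try
        {
            properties.load(in);
        }
        finally
        {
            // Properties.load() does not close the stream it reads from.
            in.close();
        }

        _targetName = properties.getProperty("targetName");
        if (_targetName == null)
        {
            // Every login would fail at createName(); report it once at startup.
            LOG.warn("No targetName property in {}", _config);
        }
        LOG.debug("Target Name {}", _targetName);

        super.doStart();
    }

    /**
     * Authenticates a client from its SPNEGO token.
     *
     * @param username ignored; the client name is taken from the established GSS context
     * @param credentials the base64 encoded SPNEGO token, as a {@link String}
     * @return the identity of the authenticated client, carrying the realm part of the
     *         client principal (the text after {@code '@'}) as its single role, or
     *         {@code null} if the credential is not a String, cannot be decoded, or
     *         does not establish a security context in a single round
     */
    public UserIdentity login(String username, Object credentials)
    {
        if (!(credentials instanceof String))
        {
            LOG.debug("SpnegoUserRealm: credentials are not a String token");
            return null;
        }

        byte[] authToken;
        try
        {
            authToken = B64Code.decode((String)credentials);
        }
        catch (IllegalArgumentException e)
        {
            // The token comes straight from the client; a malformed one is a
            // failed login rather than a server error.
            LOG.debug("SpnegoUserRealm: token is not valid base64", e);
            return null;
        }

        GSSManager manager = GSSManager.getInstance();
        GSSCredential serverCreds = null;
        GSSContext gContext = null;
        try
        {
            Oid spnegoOid = new Oid(SPNEGO_MECHANISM_OID);
            GSSName gssName = manager.createName(_targetName, null);
            serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
            gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }

            // One accept round only: an output token that would have to go back to
            // the client cannot be delivered from here, so a context that is still
            // not established after this call is a failed login.
            authToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            if (!gContext.isEstablished())
            {
                LOG.debug("SpnegoUserRealm: security context not established after one token");
                return null;
            }

            String clientName = gContext.getSrcName().toString();
            // Realm of the client principal; when the name holds no '@', indexOf()
            // yields -1 and the whole name becomes the role.
            String role = clientName.substring(clientName.indexOf('@') + 1);

            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", clientName);
            LOG.debug("Server Principal is: {}", gContext.getTargName());
            LOG.debug("Client Default Role: {}", role);

            SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, authToken);

            Subject subject = new Subject();
            subject.getPrincipals().add(user);

            return _identityService.newUserIdentity(subject, user, new String[]{role});
        }
        catch (GSSException gsse)
        {
            LOG.warn(gsse);
        }
        finally
        {
            // Release JGSS state whether or not the login succeeded.
            dispose(gContext);
            dispose(serverCreds);
        }

        return null;
    }

    /** Disposes a context, ignoring failures; {@code null} is accepted. */
    private static void dispose(GSSContext context)
    {
        if (context == null)
        {
            return;
        }
        try
        {
            context.dispose();
        }
        catch (GSSException e)
        {
            LOG.ignore(e);
        }
    }

    /** Disposes a credential, ignoring failures; {@code null} is accepted. */
    private static void dispose(GSSCredential credential)
    {
        if (credential == null)
        {
            return;
        }
        try
        {
            credential.dispose();
        }
        catch (GSSException e)
        {
            LOG.ignore(e);
        }
    }

    /**
     * Always returns {@code false}: no state is kept per identity that could be revalidated.
     *
     * @param user the identity to validate
     * @return {@code false}
     */
    public boolean validate(UserIdentity user)
    {
        return false;
    }

    public IdentityService getIdentityService()
    {
        return _identityService;
    }

    /**
     * @param service the identity service used to build the {@link UserIdentity}
     *            returned by {@link #login(String, Object)}
     */
    public void setIdentityService(IdentityService service)
    {
        _identityService = service;
    }

    /** No-op: nothing is retained for a logged-in identity. */
    public void logout(UserIdentity user)
    {
    }
}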