src/java/org/eclipse/jetty/security/SpnegoLoginService.java - platform/external/jetty - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //

 package org.eclipse.jetty.security;

 import java.util.Properties;

 import javax.security.auth.Subject;

 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.util.component.AbstractLifeCycle;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.security.B64Code;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;

 public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
 {
     private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

     protected IdentityService _identityService;// = new LdapIdentityService();
     protected String _name;
     private String _config;

     private String _targetName;

     public SpnegoLoginService()
     {

     }

     public SpnegoLoginService( String name )
     {
         setName(name);
     }

     public SpnegoLoginService( String name, String config )
     {
         setName(name);
         setConfig(config);
     }

     public String getName()
     {
         return _name;
     }

     public void setName(String name)
     {
         if (isRunning())
         {
             throw new IllegalStateException("Running");
         }

         _name = name;
     }

     public String getConfig()
     {
         return _config;
     }

     public void setConfig( String config )
     {
         if (isRunning())
         {
             throw new IllegalStateException("Running");
         }

         _config = config;
     }


     @Override
     protected void doStart() throws Exception
     {
         Properties properties = new Properties();
         Resource resource = Resource.newResource(_config);
         properties.load(resource.getInputStream());

         _targetName = properties.getProperty("targetName");

         LOG.debug("Target Name {}", _targetName);

         super.doStart();
     }

     /**
      * username will be null since the credentials will contain all the relevant info
      */
     public UserIdentity login(String username, Object credentials)
     {
         String encodedAuthToken = (String)credentials;

         byte[] authToken = B64Code.decode(encodedAuthToken);

         GSSManager manager = GSSManager.getInstance();
         try
         {
             Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
             GSSName gssName = manager.createName(_targetName,null);
             GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY);
             GSSContext gContext = manager.createContext(serverCreds);

             if (gContext == null)
             {
                 LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
             }
             else
             {
                 while (!gContext.isEstablished())
                 {
                     authToken = gContext.acceptSecContext(authToken,0,authToken.length);
                 }
                 if (gContext.isEstablished())
                 {
                     String clientName = gContext.getSrcName().toString();
                     String role = clientName.substring(clientName.indexOf('@') + 1);

                     LOG.debug("SpnegoUserRealm: established a security context");
                     LOG.debug("Client Principal is: " + gContext.getSrcName());
                     LOG.debug("Server Principal is: " + gContext.getTargName());
                     LOG.debug("Client Default Role: " + role);

                     SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);

                     Subject subject = new Subject();
                     subject.getPrincipals().add(user);

                     return _identityService.newUserIdentity(subject,user, new String[]{role});
                 }
             }

         }
         catch (GSSException gsse)
         {
             LOG.warn(gsse);
         }

         return null;
     }

     public boolean validate(UserIdentity user)
     {
         return false;
     }

     public IdentityService getIdentityService()
     {
         return _identityService;
     }

     public void setIdentityService(IdentityService service)
     {
         _identityService = service;
     }

 	public void logout(UserIdentity user) {
 		// TODO Auto-generated method stub

 	}

 }
	//
	// ========================================================================
	// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//

	package org.eclipse.jetty.security;

	import java.util.Properties;

	import javax.security.auth.Subject;

	import org.eclipse.jetty.server.UserIdentity;
	import org.eclipse.jetty.util.component.AbstractLifeCycle;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;
	import org.eclipse.jetty.util.resource.Resource;
	import org.eclipse.jetty.util.security.B64Code;
	import org.ietf.jgss.GSSContext;
	import org.ietf.jgss.GSSCredential;
	import org.ietf.jgss.GSSException;
	import org.ietf.jgss.GSSManager;
	import org.ietf.jgss.GSSName;
	import org.ietf.jgss.Oid;

	public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
	{
	private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);

	protected IdentityService _identityService;// = new LdapIdentityService();
	protected String _name;
	private String _config;

	private String _targetName;

	public SpnegoLoginService()
	{

	}

	public SpnegoLoginService( String name )
	{
	setName(name);
	}

	public SpnegoLoginService( String name, String config )
	{
	setName(name);
	setConfig(config);
	}

	public String getName()
	{
	return _name;
	}

	public void setName(String name)
	{
	if (isRunning())
	{
	throw new IllegalStateException("Running");
	}

	_name = name;
	}

	public String getConfig()
	{
	return _config;
	}

	public void setConfig( String config )
	{
	if (isRunning())
	{
	throw new IllegalStateException("Running");
	}

	_config = config;
	}



	@Override
	protected void doStart() throws Exception
	{
	Properties properties = new Properties();
	Resource resource = Resource.newResource(_config);
	properties.load(resource.getInputStream());

	_targetName = properties.getProperty("targetName");

	LOG.debug("Target Name {}", _targetName);

	super.doStart();
	}

	/**
	* username will be null since the credentials will contain all the relevant info
	*/
	public UserIdentity login(String username, Object credentials)
	{
	String encodedAuthToken = (String)credentials;

	byte[] authToken = B64Code.decode(encodedAuthToken);

	GSSManager manager = GSSManager.getInstance();
	try
	{
	Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
	GSSName gssName = manager.createName(_targetName,null);
	GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY);
	GSSContext gContext = manager.createContext(serverCreds);

	if (gContext == null)
	{
	LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
	}
	else
	{
	while (!gContext.isEstablished())
	{
	authToken = gContext.acceptSecContext(authToken,0,authToken.length);
	}
	if (gContext.isEstablished())
	{
	String clientName = gContext.getSrcName().toString();
	String role = clientName.substring(clientName.indexOf('@') + 1);

	LOG.debug("SpnegoUserRealm: established a security context");
	LOG.debug("Client Principal is: " + gContext.getSrcName());
	LOG.debug("Server Principal is: " + gContext.getTargName());
	LOG.debug("Client Default Role: " + role);

	SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);

	Subject subject = new Subject();
	subject.getPrincipals().add(user);

	return _identityService.newUserIdentity(subject,user, new String[]{role});
	}
	}

	}
	catch (GSSException gsse)
	{
	LOG.warn(gsse);
	}

	return null;
	}

	public boolean validate(UserIdentity user)
	{
	return false;
	}

	public IdentityService getIdentityService()
	{
	return _identityService;
	}

	public void setIdentityService(IdentityService service)
	{
	_identityService = service;
	}

	public void logout(UserIdentity user) {
	// TODO Auto-generated method stub

	}

	}