| // |
| // ======================================================================== |
| // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| // ------------------------------------------------------------------------ |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| // |
| |
| package org.eclipse.jetty.security; |
| |
| import java.util.Properties; |
| |
| import javax.security.auth.Subject; |
| |
| import org.eclipse.jetty.server.UserIdentity; |
| import org.eclipse.jetty.util.component.AbstractLifeCycle; |
| import org.eclipse.jetty.util.log.Log; |
| import org.eclipse.jetty.util.log.Logger; |
| import org.eclipse.jetty.util.resource.Resource; |
| import org.eclipse.jetty.util.security.B64Code; |
| import org.ietf.jgss.GSSContext; |
| import org.ietf.jgss.GSSCredential; |
| import org.ietf.jgss.GSSException; |
| import org.ietf.jgss.GSSManager; |
| import org.ietf.jgss.GSSName; |
| import org.ietf.jgss.Oid; |
| |
| public class SpnegoLoginService extends AbstractLifeCycle implements LoginService |
| { |
| private static final Logger LOG = Log.getLogger(SpnegoLoginService.class); |
| |
| protected IdentityService _identityService;// = new LdapIdentityService(); |
| protected String _name; |
| private String _config; |
| |
| private String _targetName; |
| |
| public SpnegoLoginService() |
| { |
| |
| } |
| |
| public SpnegoLoginService( String name ) |
| { |
| setName(name); |
| } |
| |
| public SpnegoLoginService( String name, String config ) |
| { |
| setName(name); |
| setConfig(config); |
| } |
| |
| public String getName() |
| { |
| return _name; |
| } |
| |
| public void setName(String name) |
| { |
| if (isRunning()) |
| { |
| throw new IllegalStateException("Running"); |
| } |
| |
| _name = name; |
| } |
| |
| public String getConfig() |
| { |
| return _config; |
| } |
| |
| public void setConfig( String config ) |
| { |
| if (isRunning()) |
| { |
| throw new IllegalStateException("Running"); |
| } |
| |
| _config = config; |
| } |
| |
| |
| |
| @Override |
| protected void doStart() throws Exception |
| { |
| Properties properties = new Properties(); |
| Resource resource = Resource.newResource(_config); |
| properties.load(resource.getInputStream()); |
| |
| _targetName = properties.getProperty("targetName"); |
| |
| LOG.debug("Target Name {}", _targetName); |
| |
| super.doStart(); |
| } |
| |
| /** |
| * username will be null since the credentials will contain all the relevant info |
| */ |
| public UserIdentity login(String username, Object credentials) |
| { |
| String encodedAuthToken = (String)credentials; |
| |
| byte[] authToken = B64Code.decode(encodedAuthToken); |
| |
| GSSManager manager = GSSManager.getInstance(); |
| try |
| { |
| Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html |
| GSSName gssName = manager.createName(_targetName,null); |
| GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY); |
| GSSContext gContext = manager.createContext(serverCreds); |
| |
| if (gContext == null) |
| { |
| LOG.debug("SpnegoUserRealm: failed to establish GSSContext"); |
| } |
| else |
| { |
| while (!gContext.isEstablished()) |
| { |
| authToken = gContext.acceptSecContext(authToken,0,authToken.length); |
| } |
| if (gContext.isEstablished()) |
| { |
| String clientName = gContext.getSrcName().toString(); |
| String role = clientName.substring(clientName.indexOf('@') + 1); |
| |
| LOG.debug("SpnegoUserRealm: established a security context"); |
| LOG.debug("Client Principal is: " + gContext.getSrcName()); |
| LOG.debug("Server Principal is: " + gContext.getTargName()); |
| LOG.debug("Client Default Role: " + role); |
| |
| SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken); |
| |
| Subject subject = new Subject(); |
| subject.getPrincipals().add(user); |
| |
| return _identityService.newUserIdentity(subject,user, new String[]{role}); |
| } |
| } |
| |
| } |
| catch (GSSException gsse) |
| { |
| LOG.warn(gsse); |
| } |
| |
| return null; |
| } |
| |
| public boolean validate(UserIdentity user) |
| { |
| return false; |
| } |
| |
| public IdentityService getIdentityService() |
| { |
| return _identityService; |
| } |
| |
| public void setIdentityService(IdentityService service) |
| { |
| _identityService = service; |
| } |
| |
| public void logout(UserIdentity user) { |
| // TODO Auto-generated method stub |
| |
| } |
| |
| } |