Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Bartel2012-10-12 04:00:28 -0400
committerJan Bartel2012-10-12 04:00:28 -0400
commit785e06d347e6b3714b3b44f8a7990b1f174cd714 (patch)
treeff93c7d14f38499304df7df45306628fb22965a5 /jetty-security/src/main/java/org/eclipse/jetty/security
parent7625f0b8b3a1ceced86b46f8e4c5722430323468 (diff)
downloadorg.eclipse.jetty.project-785e06d347e6b3714b3b44f8a7990b1f174cd714.tar.gz
org.eclipse.jetty.project-785e06d347e6b3714b3b44f8a7990b1f174cd714.tar.xz
org.eclipse.jetty.project-785e06d347e6b3714b3b44f8a7990b1f174cd714.zip
390108 Servlet 3.0 API for programmatic login doesn't appear to work
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java5
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java5
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java24
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java26
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java17
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java4
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java4
8 files changed, 62 insertions, 29 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
index ec2fb04b0d..3ae194f3fa 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
@@ -54,6 +54,8 @@ public class BasicAuthenticator extends LoginAuthenticator
return Constraint.__BASIC_AUTH;
}
+
+
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
@@ -85,10 +87,9 @@ public class BasicAuthenticator extends LoginAuthenticator
String username = credentials.substring(0,i);
String password = credentials.substring(i+1);
- UserIdentity user = _loginService.login(username,password);
+ UserIdentity user = login (username, password, request);
if (user!=null)
{
- renewSession(request,response);
return new UserAuthentication(getAuthMethod(),user);
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
index a4bef236a3..f34ccf3a0a 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
@@ -81,6 +81,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator
return Constraint.__CERT_AUTH;
}
+
+
/**
* @return Authentication for request
* @throws ServerAuthException
@@ -121,10 +123,9 @@ public class ClientCertAuthenticator extends LoginAuthenticator
final char[] credential = B64Code.encode(cert.getSignature());
- UserIdentity user = _loginService.login(username,credential);
+ UserIdentity user = login(username, credential, req);
if (user!=null)
{
- renewSession(request,response);
return new UserAuthentication(getAuthMethod(),user);
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
index 26640168df..68f3192dfd 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
@@ -29,6 +29,7 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.Authenticator;
@@ -73,6 +74,7 @@ public class DeferredAuthentication implements Authentication.Deferred
if (identity_service!=null)
_previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity());
+
return authentication;
}
}
@@ -80,6 +82,7 @@ public class DeferredAuthentication implements Authentication.Deferred
{
LOG.debug(e);
}
+
return this;
}
@@ -110,21 +113,16 @@ public class DeferredAuthentication implements Authentication.Deferred
/**
* @see org.eclipse.jetty.server.Authentication.Deferred#login(java.lang.String, java.lang.String)
*/
- public Authentication login(String username, String password)
+ public Authentication login(String username, Object password, ServletRequest request)
{
- LoginService login_service= _authenticator.getLoginService();
- IdentityService identity_service=login_service.getIdentityService();
-
- if (login_service!=null)
+ UserIdentity identity = _authenticator.login(username, password, request);
+ if (identity != null)
{
- UserIdentity user = login_service.login(username,password);
- if (user!=null)
- {
- UserAuthentication authentication = new UserAuthentication("API",user);
- if (identity_service!=null)
- _previousAssociation=identity_service.associate(user);
- return authentication;
- }
+ IdentityService identity_service = _authenticator.getLoginService().getIdentityService();
+ UserAuthentication authentication = new UserAuthentication("API",identity);
+ if (identity_service != null)
+ _previousAssociation=identity_service.associate(identity);
+ return authentication;
}
return null;
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index c42c26c871..1e5a417f29 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
@@ -116,6 +116,8 @@ public class DigestAuthenticator extends LoginAuthenticator
{
return true;
}
+
+
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
@@ -185,10 +187,10 @@ public class DigestAuthenticator extends LoginAuthenticator
if (n > 0)
{
- UserIdentity user = _loginService.login(digest.username,digest);
+ //UserIdentity user = _loginService.login(digest.username,digest);
+ UserIdentity user = login(digest.username, digest, req);
if (user!=null)
{
- renewSession(request,response);
return new UserAuthentication(getAuthMethod(),user);
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index 829a9d595b..b0f8f14c0c 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -179,6 +179,22 @@ public class FormAuthenticator extends LoginAuthenticator
_formErrorPath = _formErrorPath.substring(0, _formErrorPath.indexOf('?'));
}
}
+
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public UserIdentity login(String username, Object password, ServletRequest request)
+ {
+
+ UserIdentity user = super.login(username,password,request);
+ if (user!=null)
+ {
+ HttpSession session = ((HttpServletRequest)request).getSession(true);
+ Authentication cached=new SessionAuthentication(getAuthMethod(),user,password);
+ session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
+ }
+ return user;
+ }
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
@@ -206,11 +222,10 @@ public class FormAuthenticator extends LoginAuthenticator
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
- UserIdentity user = _loginService.login(username,password);
+ UserIdentity user = login(username, password, request);
+ session = request.getSession(true);
if (user!=null)
- {
- session=renewSession(request,response);
-
+ {
// Redirect to original request
String nuri;
synchronized(session)
@@ -223,9 +238,6 @@ public class FormAuthenticator extends LoginAuthenticator
if (nuri.length() == 0)
nuri = URIUtil.SLASH;
}
-
- Authentication cached=new SessionAuthentication(getAuthMethod(),user,password);
- session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index 17e86574b6..322b17c95e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -18,6 +18,7 @@
package org.eclipse.jetty.security.authentication;
+import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -25,6 +26,8 @@ import javax.servlet.http.HttpSession;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.session.AbstractSessionManager;
public abstract class LoginAuthenticator implements Authenticator
@@ -37,6 +40,20 @@ public abstract class LoginAuthenticator implements Authenticator
{
}
+
+ /* ------------------------------------------------------------ */
+ public UserIdentity login(String username, Object password, ServletRequest request)
+ {
+ UserIdentity user = _loginService.login(username,password);
+ if (user!=null)
+ {
+ renewSession((HttpServletRequest)request, null);
+ return user;
+ }
+ return null;
+ }
+
+
public void setConfiguration(AuthConfiguration configuration)
{
_loginService=configuration.getLoginService();
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
index 260d5ddd3f..7c0a56c1ac 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
@@ -98,8 +98,8 @@ public class SessionAuthentication implements Authentication.User, Serializable,
{
if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
_session.removeAttribute(__J_AUTHENTICATED);
- else
- doLogout();
+
+ doLogout();
}
private void doLogout()
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
index ca5563f4e5..303d2f7e30 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
@@ -60,6 +60,8 @@ public class SpnegoAuthenticator extends LoginAuthenticator
return _authMethod;
}
+
+
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
{
HttpServletRequest req = (HttpServletRequest)request;
@@ -96,7 +98,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
{
String spnegoToken = header.substring(10);
- UserIdentity user = _loginService.login(null,spnegoToken);
+ UserIdentity user = login(null,spnegoToken, request);
if ( user != null )
{

Back to the top