diff options
author | Greg Wilkins | 2012-10-15 01:15:44 +0000 |
---|---|---|
committer | Greg Wilkins | 2012-10-15 01:15:44 +0000 |
commit | 9d62229dec84bfb5a2a652bb353abe6e82ec4ac8 (patch) | |
tree | b784ee9c954325e890678e5e3a9d953e295dfc62 /jetty-security/src/main/java | |
parent | bc4550f9b296d39ff0cb6412c282906736f287ad (diff) | |
parent | 07327cf46d825bc6aa854560a730ee963d023593 (diff) | |
download | org.eclipse.jetty.project-9d62229dec84bfb5a2a652bb353abe6e82ec4ac8.tar.gz org.eclipse.jetty.project-9d62229dec84bfb5a2a652bb353abe6e82ec4ac8.tar.xz org.eclipse.jetty.project-9d62229dec84bfb5a2a652bb353abe6e82ec4ac8.zip |
Merge remote-tracking branch 'origin/jetty-8' into jetty-9
Conflicts:
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
Diffstat (limited to 'jetty-security/src/main/java')
8 files changed, 60 insertions, 29 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java index b65da3047e..b5160a7639 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java @@ -54,6 +54,8 @@ public class BasicAuthenticator extends LoginAuthenticator return Constraint.__BASIC_AUTH; } + + /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean) @@ -86,10 +88,9 @@ public class BasicAuthenticator extends LoginAuthenticator String username = credentials.substring(0,i); String password = credentials.substring(i+1); - UserIdentity user = _loginService.login(username,password); + UserIdentity user = login (username, password, request); if (user!=null) { - renewSession(request,response); return new UserAuthentication(getAuthMethod(),user); } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java index 9eedbf56ce..7f6548a5d0 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java @@ -81,6 +81,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator return Constraint.__CERT_AUTH; } + + /** * @return Authentication for request * @throws ServerAuthException @@ -122,10 +124,9 @@ public class ClientCertAuthenticator extends LoginAuthenticator final char[] credential = B64Code.encode(cert.getSignature()); - UserIdentity user = _loginService.login(username,credential); + UserIdentity user = login(username, credential, req); if (user!=null) { - renewSession(request,response); return new UserAuthentication(getAuthMethod(),user); } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java index 2cbd37f342..04fd15afcc 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java @@ -28,6 +28,7 @@ import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.eclipse.jetty.security.Authenticator; @@ -73,6 +74,7 @@ public class DeferredAuthentication implements Authentication.Deferred if (identity_service!=null) _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); + return authentication; } } @@ -80,6 +82,7 @@ public class DeferredAuthentication implements Authentication.Deferred { LOG.debug(e); } + return this; } @@ -112,21 +115,16 @@ public class DeferredAuthentication implements Authentication.Deferred * @see org.eclipse.jetty.server.Authentication.Deferred#login(java.lang.String, java.lang.String) */ @Override - public Authentication login(String username, String password) + public Authentication login(String username, Object password, ServletRequest request) { - LoginService login_service= _authenticator.getLoginService(); - IdentityService identity_service=login_service.getIdentityService(); - - if (login_service!=null) + UserIdentity identity = _authenticator.login(username, password, request); + if (identity != null) { - UserIdentity user = login_service.login(username,password); - if (user!=null) - { - UserAuthentication authentication = new UserAuthentication("API",user); - if (identity_service!=null) - _previousAssociation=identity_service.associate(user); - return authentication; - } + IdentityService identity_service = _authenticator.getLoginService().getIdentityService(); + UserAuthentication authentication = new UserAuthentication("API",identity); + if (identity_service != null) + _previousAssociation=identity_service.associate(identity); + return authentication; } return null; } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java index 8c06f06e6a..9db1df481b 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java @@ -117,6 +117,8 @@ public class DigestAuthenticator extends LoginAuthenticator { return true; } + + /* ------------------------------------------------------------ */ @Override @@ -187,10 +189,10 @@ public class DigestAuthenticator extends LoginAuthenticator if (n > 0) { - UserIdentity user = _loginService.login(digest.username,digest); + //UserIdentity user = _loginService.login(digest.username,digest); + UserIdentity user = login(digest.username, digest, req); if (user!=null) { - renewSession(request,response); return new UserAuthentication(getAuthMethod(),user); } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java index 3ad5a9c127..6ee6bb4e70 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java @@ -180,6 +180,22 @@ public class FormAuthenticator extends LoginAuthenticator _formErrorPath = _formErrorPath.substring(0, _formErrorPath.indexOf('?')); } } + + + /* ------------------------------------------------------------ */ + @Override + public UserIdentity login(String username, Object password, ServletRequest request) + { + + UserIdentity user = super.login(username,password,request); + if (user!=null) + { + HttpSession session = ((HttpServletRequest)request).getSession(true); + Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); + session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); + } + return user; + } /* ------------------------------------------------------------ */ @Override @@ -208,12 +224,11 @@ public class FormAuthenticator extends LoginAuthenticator final String username = request.getParameter(__J_USERNAME); final String password = request.getParameter(__J_PASSWORD); - UserIdentity user = _loginService.login(username,password); + UserIdentity user = login(username, password, request); LOG.debug("jsecuritycheck {} {}",username,user); + session = request.getSession(true); if (user!=null) - { - session=renewSession(request,response); - + { // Redirect to original request String nuri; FormAuthentication form_auth; @@ -227,9 +242,6 @@ public class FormAuthenticator extends LoginAuthenticator if (nuri.length() == 0) nuri = URIUtil.SLASH; } - - Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); - session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); form_auth = new FormAuthentication(getAuthMethod(),user); } LOG.debug("authenticated {}->{}",form_auth,nuri); diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java index 44c571e7db..47a079967d 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java @@ -18,6 +18,7 @@ package org.eclipse.jetty.security.authentication; +import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; @@ -25,6 +26,8 @@ import javax.servlet.http.HttpSession; import org.eclipse.jetty.security.Authenticator; import org.eclipse.jetty.security.IdentityService; import org.eclipse.jetty.security.LoginService; +import org.eclipse.jetty.server.Authentication; +import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.server.session.AbstractSessionManager; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; @@ -41,6 +44,20 @@ public abstract class LoginAuthenticator implements Authenticator { } + + /* ------------------------------------------------------------ */ + public UserIdentity login(String username, Object password, ServletRequest request) + { + UserIdentity user = _loginService.login(username,password); + if (user!=null) + { + renewSession((HttpServletRequest)request, null); + return user; + } + return null; + } + + @Override public void setConfiguration(AuthConfiguration configuration) { diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java index 9e94282364..b7406e7556 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java @@ -97,8 +97,8 @@ public class SessionAuthentication implements Authentication.User, Serializable, { if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null) _session.removeAttribute(__J_AUTHENTICATED); - else - doLogout(); + + doLogout(); } private void doLogout() diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java index 2981e18fab..6c6cf79ffd 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java @@ -95,7 +95,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator { String spnegoToken = header.substring(10); - UserIdentity user = _loginService.login(null,spnegoToken); + UserIdentity user = login(null,spnegoToken, request); if ( user != null ) { |