Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java')
-rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java | 248 |
1 files changed, 248 insertions, 0 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
new file mode 100644
index 0000000000..84deed8609
--- /dev/null
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -0,0 +1,248 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+
+package org.eclipse.jetty.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
+
+
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+import org.eclipse.jetty.util.security.Credential;
+
+/**
+ * AbstractLoginService
+ */
+public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
+{
+ private static final Logger LOG = Log.getLogger(AbstractLoginService.class);
+
+ protected IdentityService _identityService=new DefaultIdentityService();
+ protected String _name;
+ protected boolean _fullValidate = false;
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * RolePrincipal
+ */
+ public static class RolePrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = 2998397924051854402L;
+ private final String _roleName;
+ public RolePrincipal(String name)
+ {
+ _roleName=name;
+ }
+ public String getName()
+ {
+ return _roleName;
+ }
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * UserPrincipal
+ */
+ public static class UserPrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = -6226920753748399662L;
+ private final String _name;
+ private final Credential _credential;
+
+
+ /* -------------------------------------------------------- */
+ public UserPrincipal(String name,Credential credential)
+ {
+ _name=name;
+ _credential=credential;
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate(Object credentials)
+ {
+ return _credential!=null && _credential.check(credentials);
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate (Credential c)
+ {
+ return(_credential != null && c != null && _credential.equals(c));
+ }
+
+ /* ------------------------------------------------------------ */
+ public String getName()
+ {
+ return _name;
+ }
+
+
+
+ /* -------------------------------------------------------- */
+ @Override
+ public String toString()
+ {
+ return _name;
+ }
+ }
+
+ /* ------------------------------------------------------------ */
+ protected abstract String[] loadRoleInfo (UserPrincipal user);
+
+ /* ------------------------------------------------------------ */
+ protected abstract UserPrincipal loadUserInfo (String username);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getName()
+ */
+ @Override
+ public String getName()
+ {
+ return _name;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the identityService.
+ * @param identityService the identityService to set
+ */
+ public void setIdentityService(IdentityService identityService)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _identityService = identityService;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the name.
+ * @param name the name to set
+ */
+ public void setName(String name)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _name = name;
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public String toString()
+ {
+ return this.getClass().getSimpleName()+"["+_name+"]";
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
+ */
+ @Override
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
+ {
+ if (username == null)
+ return null;
+
+ UserPrincipal userPrincipal = loadUserInfo(username);
+ if (userPrincipal.authenticate(credentials))
+ {
+ //safe to load the roles
+ String[] roles = loadRoleInfo(userPrincipal);
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(userPrincipal);
+ subject.getPrivateCredentials().add(userPrincipal._credential);
+ if (roles!=null)
+ for (String role : roles)
+ subject.getPrincipals().add(new RolePrincipal(role));
+ subject.setReadOnly();
+ return _identityService.newUserIdentity(subject,userPrincipal,roles);
+ }
+
+ return null;
+
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public boolean validate(UserIdentity user)
+ {
+ if (!isFullValidate())
+ return true; //if we have a user identity it must be valid
+
+ //Do a full validation back against the user store
+ UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
+ if (fresh == null)
+ return false; //user no longer exists
+
+ if (user.getUserPrincipal() instanceof UserPrincipal)
+ {
+ System.err.println("VALIDATING user "+fresh.getName());
+ return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
+ }
+
+ throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getIdentityService()
+ */
+ @Override
+ public IdentityService getIdentityService()
+ {
+ return _identityService;
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public void logout(UserIdentity user)
+ {
+ //Override in subclasses
+
+ }
+
+ /* ------------------------------------------------------------ */
+ public boolean isFullValidate()
+ {
+ return _fullValidate;
+ }
+
+ /* ------------------------------------------------------------ */
+ public void setFullValidate(boolean fullValidate)
+ {
+ _fullValidate = fullValidate;
+ }
+
+} |
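Review bot: login() dereferences the result of loadUserInfo(username) without a null check, although validate() in the same file treats a null return as "user no longer exists". If implementations do return null for an unknown user, a login attempt with an unrecognised username would throw a NullPointerException instead of returning null; the guard could read `if (userPrincipal != null && userPrincipal.authenticate(credentials))`. Separately, validate() emits the account name with `System.err.println("VALIDATING user "+fresh.getName());` while the declared LOG field is never used; `LOG.debug("Validating user {}", fresh.getName());` would route this through the configured logger and keep user names out of raw stderr. validate() also calls `user.getUserPrincipal().getName()` before the `instanceof UserPrincipal` test, so the store lookup runs even for a principal it then rejects with IllegalStateException; moving the type check first would avoid that.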