Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
diff options
context:
space:
mode:
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java248
1 files changed, 248 insertions, 0 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
new file mode 100644
index 0000000000..84deed8609
--- /dev/null
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -0,0 +1,248 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+
+package org.eclipse.jetty.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
+
+
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+import org.eclipse.jetty.util.security.Credential;
+
+/**
+ * AbstractLoginService
+ */
+public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
+{
+ private static final Logger LOG = Log.getLogger(AbstractLoginService.class);
+
+ protected IdentityService _identityService=new DefaultIdentityService();
+ protected String _name;
+ protected boolean _fullValidate = false;
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * RolePrincipal
+ */
+ public static class RolePrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = 2998397924051854402L;
+ private final String _roleName;
+ public RolePrincipal(String name)
+ {
+ _roleName=name;
+ }
+ public String getName()
+ {
+ return _roleName;
+ }
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * UserPrincipal
+ */
+ public static class UserPrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = -6226920753748399662L;
+ private final String _name;
+ private final Credential _credential;
+
+
+ /* -------------------------------------------------------- */
+ public UserPrincipal(String name,Credential credential)
+ {
+ _name=name;
+ _credential=credential;
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate(Object credentials)
+ {
+ return _credential!=null && _credential.check(credentials);
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate (Credential c)
+ {
+ return(_credential != null && c != null && _credential.equals(c));
+ }
+
+ /* ------------------------------------------------------------ */
+ public String getName()
+ {
+ return _name;
+ }
+
+
+
+ /* -------------------------------------------------------- */
+ @Override
+ public String toString()
+ {
+ return _name;
+ }
+ }
+
+ /* ------------------------------------------------------------ */
+ protected abstract String[] loadRoleInfo (UserPrincipal user);
+
+ /* ------------------------------------------------------------ */
+ protected abstract UserPrincipal loadUserInfo (String username);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getName()
+ */
+ @Override
+ public String getName()
+ {
+ return _name;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the identityService.
+ * @param identityService the identityService to set
+ */
+ public void setIdentityService(IdentityService identityService)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _identityService = identityService;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the name.
+ * @param name the name to set
+ */
+ public void setName(String name)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _name = name;
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public String toString()
+ {
+ return this.getClass().getSimpleName()+"["+_name+"]";
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
+ */
+ @Override
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
+ {
+ if (username == null)
+ return null;
+
+ UserPrincipal userPrincipal = loadUserInfo(username);
+ if (userPrincipal.authenticate(credentials))
+ {
+ //safe to load the roles
+ String[] roles = loadRoleInfo(userPrincipal);
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(userPrincipal);
+ subject.getPrivateCredentials().add(userPrincipal._credential);
+ if (roles!=null)
+ for (String role : roles)
+ subject.getPrincipals().add(new RolePrincipal(role));
+ subject.setReadOnly();
+ return _identityService.newUserIdentity(subject,userPrincipal,roles);
+ }
+
+ return null;
+
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public boolean validate(UserIdentity user)
+ {
+ if (!isFullValidate())
+ return true; //if we have a user identity it must be valid
+
+ //Do a full validation back against the user store
+ UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
+ if (fresh == null)
+ return false; //user no longer exists
+
+ if (user.getUserPrincipal() instanceof UserPrincipal)
+ {
+ System.err.println("VALIDATING user "+fresh.getName());
+ return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
+ }
+
+ throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getIdentityService()
+ */
+ @Override
+ public IdentityService getIdentityService()
+ {
+ return _identityService;
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public void logout(UserIdentity user)
+ {
+ //Override in subclasses
+
+ }
+
+ /* ------------------------------------------------------------ */
+ public boolean isFullValidate()
+ {
+ return _fullValidate;
+ }
+
+ /* ------------------------------------------------------------ */
+ public void setFullValidate(boolean fullValidate)
+ {
+ _fullValidate = fullValidate;
+ }
+
+}

Back to the top