Example 1 with Authentication
use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.
the class JaspiAuthenticator method validateRequest.
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException {
try {
String authContextId = _authConfig.getAuthContextID(messageInfo);
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
Subject clientSubject = new Subject();
AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
if (authStatus == AuthStatus.SEND_CONTINUE)
return Authentication.SEND_CONTINUE;
if (authStatus == AuthStatus.SEND_FAILURE)
return Authentication.SEND_FAILURE;
if (authStatus == AuthStatus.SUCCESS) {
Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
UserIdentity userIdentity;
if (ids.size() > 0) {
userIdentity = ids.iterator().next();
} else {
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
if (principalCallback == null) {
return Authentication.UNAUTHENTICATED;
}
Principal principal = principalCallback.getPrincipal();
if (principal == null) {
String principalName = principalCallback.getName();
Set<Principal> principals = principalCallback.getSubject().getPrincipals();
for (Principal p : principals) {
if (p.getName().equals(principalName)) {
principal = p;
break;
}
}
if (principal == null) {
return Authentication.UNAUTHENTICATED;
}
}
GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
userIdentity = _identityService.newUserIdentity(clientSubject, principal, groups);
}
HttpSession session = ((HttpServletRequest) messageInfo.getRequestMessage()).getSession(false);
Authentication cached = (session == null ? null : (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED));
if (cached != null)
return cached;
return new UserAuthentication(getAuthMethod(), userIdentity);
}
if (authStatus == AuthStatus.SEND_SUCCESS) {
// we are processing a message in a secureResponse dialog.
return Authentication.SEND_SUCCESS;
}
if (authStatus == AuthStatus.FAILURE) {
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.SEND_FAILURE;
}
// should not happen
throw new IllegalStateException("No AuthStatus returned");
} catch (IOException | AuthException e) {
throw new ServerAuthException(e);
}
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthException(javax.security.auth.message.AuthException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)
IOException(java.io.IOException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Subject(javax.security.auth.Subject)
ServerAuthContext(javax.security.auth.message.config.ServerAuthContext)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
AuthStatus(javax.security.auth.message.AuthStatus)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
Principal(java.security.Principal)
Example 2 with Authentication
use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.
the class DeferredAuthentication method authenticate.
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.Authentication.Deferred#authenticate(ServletRequest)
*/
@Override
public Authentication authenticate(ServletRequest request) {
try {
Authentication authentication = _authenticator.validateRequest(request, __deferredResponse, true);
if (authentication != null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent)) {
LoginService login_service = _authenticator.getLoginService();
IdentityService identity_service = login_service.getIdentityService();
if (identity_service != null)
_previousAssociation = identity_service.associate(((Authentication.User) authentication).getUserIdentity());
return authentication;
}
} catch (ServerAuthException e) {
LOG.debug(e);
}
return this;
}
Also used :
IdentityService(org.eclipse.jetty.security.IdentityService)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
LoginService(org.eclipse.jetty.security.LoginService)
Example 3 with Authentication
use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.
the class DeferredAuthentication method authenticate.
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.Authentication.Deferred#authenticate(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
*/
@Override
public Authentication authenticate(ServletRequest request, ServletResponse response) {
try {
LoginService login_service = _authenticator.getLoginService();
IdentityService identity_service = login_service.getIdentityService();
Authentication authentication = _authenticator.validateRequest(request, response, true);
if (authentication instanceof Authentication.User && identity_service != null)
_previousAssociation = identity_service.associate(((Authentication.User) authentication).getUserIdentity());
return authentication;
} catch (ServerAuthException e) {
LOG.debug(e);
}
return this;
}
Also used :
IdentityService(org.eclipse.jetty.security.IdentityService)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
LoginService(org.eclipse.jetty.security.LoginService)
Example 4 with Authentication
use of org.eclipse.jetty.server.Authentication in project blade by biezhi.
the class DeferredAuthentication method authenticate.
/* ------------------------------------------------------------ */
/**
* @see Deferred#authenticate(ServletRequest)
*/
@Override
public Authentication authenticate(ServletRequest request) {
try {
Authentication authentication = _authenticator.validateRequest(request, __deferredResponse, true);
if (authentication != null && (authentication instanceof User) && !(authentication instanceof ResponseSent)) {
LoginService login_service = _authenticator.getLoginService();
IdentityService identity_service = login_service.getIdentityService();
if (identity_service != null)
_previousAssociation = identity_service.associate(((User) authentication).getUserIdentity());
return authentication;
}
} catch (ServerAuthException e) {
LOG.debug(e);
}
return this;
}
Also used :
IdentityService(org.eclipse.jetty.security.IdentityService)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
LoginService(org.eclipse.jetty.security.LoginService)
Example 5 with Authentication
use of org.eclipse.jetty.server.Authentication in project blade by biezhi.
the class FormAuthenticator method validateRequest.
/* ------------------------------------------------------------ */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
Request base_request = Request.getBaseRequest(request);
Response base_response = base_request.getResponse();
String uri = request.getRequestURI();
if (uri == null)
uri = URIUtil.SLASH;
mandatory |= isJSecurityCheck(uri);
if (!mandatory)
return new DeferredAuthentication(this);
if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(), request.getPathInfo())) && !DeferredAuthentication.isDeferred(response))
return new DeferredAuthentication(this);
HttpSession session = request.getSession(true);
try {
// Handle a request for authentication.
if (isJSecurityCheck(uri)) {
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
UserIdentity user = login(username, password, request);
LOG.debug("jsecuritycheck {} {}", username, user);
session = request.getSession(true);
if (user != null) {
// Redirect to original request
String nuri;
FormAuthentication form_auth;
synchronized (session) {
nuri = (String) session.getAttribute(__J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
if (nuri.length() == 0)
nuri = URIUtil.SLASH;
}
form_auth = new FormAuthentication(getAuthMethod(), user);
}
LOG.debug("authenticated {}->{}", form_auth, nuri);
response.setContentLength(0);
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(nuri));
return form_auth;
}
// not authenticated
if (LOG.isDebugEnabled())
LOG.debug("Form authentication FAILED for " + StringUtil.printable(username));
if (_formErrorPage == null) {
LOG.debug("auth failed {}->403", username);
if (response != null)
response.sendError(HttpServletResponse.SC_FORBIDDEN);
} else if (_dispatch) {
LOG.debug("auth failed {}=={}", username, _formErrorPage);
RequestDispatcher dispatcher = request.getRequestDispatcher(_formErrorPage);
response.setHeader(HttpHeader.CACHE_CONTROL.asString(), HttpHeaderValue.NO_CACHE.asString());
response.setDateHeader(HttpHeader.EXPIRES.asString(), 1);
dispatcher.forward(new FormRequest(request), new FormResponse(response));
} else {
LOG.debug("auth failed {}->{}", username, _formErrorPage);
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formErrorPage)));
}
return Authentication.SEND_FAILURE;
}
// Look for cached authentication
Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
if (authentication != null) {
// Has authentication been revoked?
if (authentication instanceof User && _loginService != null && !_loginService.validate(((User) authentication).getUserIdentity())) {
LOG.debug("auth revoked {}", authentication);
session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
} else {
synchronized (session) {
String j_uri = (String) session.getAttribute(__J_URI);
if (j_uri != null) {
//check if the request is for the same url as the original and restore
//params if it was a post
LOG.debug("auth retry {}->{}", authentication, j_uri);
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null)
buf.append("?").append(request.getQueryString());
if (j_uri.equals(buf.toString())) {
MultiMap<String> j_post = (MultiMap<String>) session.getAttribute(__J_POST);
if (j_post != null) {
LOG.debug("auth rePOST {}->{}", authentication, j_uri);
base_request.setContentParameters(j_post);
}
session.removeAttribute(__J_URI);
session.removeAttribute(__J_METHOD);
session.removeAttribute(__J_POST);
}
}
}
LOG.debug("auth {}", authentication);
return authentication;
}
}
// if we can't send challenge
if (DeferredAuthentication.isDeferred(response)) {
LOG.debug("auth deferred {}", session.getId());
return Authentication.UNAUTHENTICATED;
}
// remember the current URI
synchronized (session) {
// But only if it is not set already, or we save every uri that leads to a login form redirect
if (session.getAttribute(__J_URI) == null || _alwaysSaveUri) {
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null)
buf.append("?").append(request.getQueryString());
session.setAttribute(__J_URI, buf.toString());
session.setAttribute(__J_METHOD, request.getMethod());
if (MimeTypes.Type.FORM_ENCODED.is(req.getContentType()) && HttpMethod.POST.is(request.getMethod())) {
MultiMap<String> formParameters = new MultiMap<>();
base_request.extractFormParameters(formParameters);
session.setAttribute(__J_POST, formParameters);
}
}
}
// send the the challenge
if (_dispatch) {
LOG.debug("challenge {}=={}", session.getId(), _formLoginPage);
RequestDispatcher dispatcher = request.getRequestDispatcher(_formLoginPage);
response.setHeader(HttpHeader.CACHE_CONTROL.asString(), HttpHeaderValue.NO_CACHE.asString());
response.setDateHeader(HttpHeader.EXPIRES.asString(), 1);
dispatcher.forward(new FormRequest(request), new FormResponse(response));
} else {
LOG.debug("challenge {}->{}", session.getId(), _formLoginPage);
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formLoginPage)));
}
return Authentication.SEND_CONTINUE;
} catch (IOException | ServletException e) {
throw new ServerAuthException(e);
}
}
Also used :
User(org.eclipse.jetty.server.Authentication.User)
HttpSession(javax.servlet.http.HttpSession)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
Request(org.eclipse.jetty.server.Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
Constraint(org.eclipse.jetty.util.security.Constraint)
RequestDispatcher(javax.servlet.RequestDispatcher)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Response(org.eclipse.jetty.server.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
ServletException(javax.servlet.ServletException)
MultiMap(org.eclipse.jetty.util.MultiMap)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
Aggregations
Authentication (org.eclipse.jetty.server.Authentication)28
UserAuthentication (org.eclipse.jetty.security.UserAuthentication)23
HttpServletRequest (javax.servlet.http.HttpServletRequest)17
HttpSession (javax.servlet.http.HttpSession)17
SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication)14
HttpServletResponse (javax.servlet.http.HttpServletResponse)13
UserIdentity (org.eclipse.jetty.server.UserIdentity)9
Test (org.junit.Test)9
SecurityTest (org.apache.drill.categories.SecurityTest)8
ServerAuthException (org.eclipse.jetty.security.ServerAuthException)8
DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication)8
IOException (java.io.IOException)4
BaseTest (org.apache.drill.test.BaseTest)4
IdentityService (org.eclipse.jetty.security.IdentityService)4
LoginService (org.eclipse.jetty.security.LoginService)4
Response (org.eclipse.jetty.server.Response)4
Principal (java.security.Principal)2
RequestDispatcher (javax.servlet.RequestDispatcher)2
ServletException (javax.servlet.ServletException)2
ServletRequest (javax.servlet.ServletRequest)2
