
Example 1 with DefaultUserIdentity

use of org.eclipse.jetty.security.DefaultUserIdentity in project keycloak by keycloak.

From class AbstractKeycloakJettyAuthenticator, method createIdentity.

/**
 * Builds a Jetty {@link UserIdentity} for an authenticated Keycloak principal.
 *
 * @param principal the Keycloak principal carrying the refreshable security context
 * @return a {@code DefaultUserIdentity} wrapping an empty JAAS Subject, the principal
 *         and the role names taken from the security context (empty if none were found)
 */
public static UserIdentity createIdentity(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    // Roles are read from the token-backed security context; a null set means "no roles",
    // it is not treated as an error.
    Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(principal.getKeycloakSecurityContext());
    String[] roleNames = (grantedRoles == null) ? new String[0] : grantedRoles.toArray(new String[0]);
    // The Subject is created empty (no principals/credentials attached); authorization in the
    // container relies on the principal and role array passed next to it.
    return new DefaultUserIdentity(new Subject(), principal, roleNames);
}

Example 2 with DefaultUserIdentity

use of org.eclipse.jetty.security.DefaultUserIdentity in project keycloak by keycloak.

From class AbstractSamlAuthenticator, method createIdentity.

/**
 * Builds a Jetty {@link UserIdentity} from an established SAML session.
 *
 * @param samlSession the session holding the authenticated principal and its roles
 * @return a {@code DefaultUserIdentity} wrapping an empty JAAS Subject, the session's
 *         principal and its role names (empty if the session reports none)
 */
public static UserIdentity createIdentity(SamlSession samlSession) {
    // A null role set from the session is treated as "no roles" rather than a failure.
    Set<String> sessionRoles = samlSession.getRoles();
    String[] roleNames = (sessionRoles == null) ? new String[0] : sessionRoles.toArray(new String[0]);
    // Empty Subject: nothing but the principal and role array is attached to the identity.
    return new DefaultUserIdentity(new Subject(), samlSession.getPrincipal(), roleNames);
}

Example 3 with DefaultUserIdentity

use of org.eclipse.jetty.security.DefaultUserIdentity in project zm-mailbox by Zimbra.

From class SpnegoAuthenticator, method authenticate.

/* =========================================================
     *
     * Based on org.eclipse.jetty.security.SpnegoAuthenticator
     *
     * =========================================================
     */
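/**
 * Runs one round of the SPNEGO (Kerberos) handshake for the current request.
 * <ul>
 *   <li>No {@code Authorization} header: send a {@code WWW-Authenticate: Negotiate}
 *       challenge and abort with {@code SENT_CHALLENGE} so the caller does not treat
 *       this first round trip as a failure.</li>
 *   <li>{@code Negotiate <token>}: hand the token to the {@link LoginService}; on success
 *       publish the resulting identity on the request and return the Zimbra principal.</li>
 *   <li>Any other header value, a missing token, or a login that yields no usable
 *       principal: {@code AUTH_FAILED}.</li>
 * </ul>
 *
 * @param realm    the Jetty login service that validates the GSS token
 * @param request  the current request; its Authorization header is read and, on
 *                 success, its Authentication is set
 * @param response the response; receives the challenge or the mutual-auth token
 * @return the authenticated {@link ZimbraPrincipal}
 * @throws ServiceException {@code SSOAuthenticatorServiceException.SENT_CHALLENGE} when a
 *                          challenge was written, {@code AuthFailedServiceException} for
 *                          every rejected request
 * @throws IOException      if writing the challenge fails
 */
private ZimbraPrincipal authenticate(LoginService realm, Request request, HttpServletResponse response) throws ServiceException, IOException {
    String header = request.getHeader(HttpHeader.AUTHORIZATION.toString());
    if (header == null) {
        // No credentials yet: challenge the client (this runs after the error-page check).
        sendChallenge(realm, request, response);
        throw SSOAuthenticatorServiceException.SENT_CHALLENGE();
    }
    String scheme = HttpHeader.NEGOTIATE.toString();
    if (!header.startsWith(scheme)) {
        // Some other scheme was offered (e.g. Basic); SPNEGO cannot use it.
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: authentication failed, unknown header (browser is likely misconfigured for SPNEGO)", (Throwable) null);
    }
    // The token follows "<scheme> " (scheme plus one separating space). The previous
    // hard-coded substring(10) threw StringIndexOutOfBoundsException on a bare "Negotiate"
    // header with no token, escaping the normal failure path; reject that case explicitly.
    int tokenStart = scheme.length() + 1;
    if (header.length() <= tokenStart) {
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: authentication failed, empty Negotiate token", (Throwable) null);
    }
    String token = header.substring(tokenStart);
    UserIdentity identity = realm.login(null, token, request);
    if (identity == null) {
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: unable to login", (Throwable) null);
    }
    Principal user = identity.getUserPrincipal();
    if (user == null) {
        // The realm accepted the token but produced no principal: treat as a failed login.
        ZimbraLog.account.debug("SpnegoAuthenticator: no user found, authentication failed");
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: no user found, authentication failed", (Throwable) null);
    }
    if (!(user instanceof SpnegoUserPrincipal)) {
        // The mutual-auth token below is only available on Jetty's SPNEGO principal; a
        // LoginService returning another Principal type used to fail with ClassCastException.
        ZimbraLog.account.debug("SpnegoAuthenticator: unexpected principal type " + user.getClass().getName());
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: unexpected principal type, authentication failed", (Throwable) null);
    }
    SpnegoUserPrincipal spnegoUser = (SpnegoUserPrincipal) user;
    String clientName = spnegoUser.getName();
    ZimbraLog.account.debug("SpnegoAuthenticator: obtained principal: " + clientName);
    Account acct = getAccountByPrincipal(user);
    ZimbraPrincipal zimbraPrincipal = new ZimbraPrincipal(clientName, acct);
    // Mirrors the Jetty authenticator this is based on: the single role is the text after
    // '@' (the Kerberos realm of a user@REALM name), so every principal of that realm shares
    // it. If the name has no '@', the whole name becomes the role.
    String role = clientName.substring(clientName.indexOf('@') + 1);
    String[] roles = new String[] { role };
    DefaultUserIdentity defaultUserIdentity = new DefaultUserIdentity(identity.getSubject(), zimbraPrincipal, roles);
    SpnegoUserIdentity spnegoUserIdentity = new SpnegoUserIdentity(identity.getSubject(), zimbraPrincipal, defaultUserIdentity);
    request.setAuthentication(new UserAuthentication(getAuthType(), spnegoUserIdentity));
    // Echo the server's GSS token so the client can complete mutual authentication.
    response.addHeader(HttpHeader.WWW_AUTHENTICATE.toString(), scheme + " " + spnegoUser.getToken());
    return zimbraPrincipal;
}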
