
Example 11 with ServerAuthException

use of org.eclipse.jetty.security.ServerAuthException in project jetty.project by eclipse.

The class SpnegoAuthenticator, method validateRequest.

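/**
 * Validates the request against the SPNEGO ({@code Negotiate}) scheme.
 * <p>
 * When authentication is not mandatory the decision is deferred. Without an
 * {@code Authorization} header a {@code WWW-Authenticate: Negotiate} challenge is sent
 * (unless the response is deferred). A {@code Negotiate <token>} header is handed to
 * {@link #login} and a successful login yields a {@link UserAuthentication}; every other
 * outcome is {@link Authentication#UNAUTHENTICATED}.
 *
 * @param request   the servlet request (cast to {@link HttpServletRequest})
 * @param response  the servlet response (cast to {@link HttpServletResponse})
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails with an {@link IOException}
 */
@Override
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());
    if (!mandatory) {
        return new DeferredAuthentication(this);
    }
    // check to see if we have authorization headers required to continue
    if (header == null) {
        try {
            if (DeferredAuthentication.isDeferred(res)) {
                return Authentication.UNAUTHENTICATED;
            }
            LOG.debug("SpengoAuthenticator: sending challenge");
            res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        } catch (IOException ioe) {
            throw new ServerAuthException(ioe);
        }
    }
    // The scheme comparison is case-sensitive here (RFC 7235 treats scheme names as
    // case-insensitive); kept as-is so the accepted input does not change.
    String scheme = HttpHeader.NEGOTIATE.asString();
    if (header.startsWith(scheme)) {
        // The token starts after "<scheme> ". Tie the offset to the scheme length and require
        // the separating space: a bare "Negotiate" header (no space, no token) used to hit
        // substring() past the end of the string and surface as an unhandled runtime
        // exception instead of a plain "not authenticated" result.
        int schemeLength = scheme.length();
        if (header.length() > schemeLength && header.charAt(schemeLength) == ' ') {
            String spnegoToken = header.substring(schemeLength + 1).trim();
            if (!spnegoToken.isEmpty()) {
                // NOTE(review): login() is defined outside this view; it is assumed to treat the
                // second argument as the raw SPNEGO token — confirm against the class body.
                UserIdentity user = login(null, spnegoToken, request);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
    }
    return Authentication.UNAUTHENTICATED;
}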

Example 12 with ServerAuthException

use of org.eclipse.jetty.security.ServerAuthException in project jetty.project by eclipse.

The class BasicAuthenticator, method validateRequest.

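/* ------------------------------------------------------------ */
/**
 * Validates the request against the HTTP Basic scheme.
 * <p>
 * When authentication is not mandatory the decision is deferred. A
 * {@code Basic <base64(user:password)>} header is decoded (ISO-8859-1) and handed to
 * {@link #login}; a successful login yields a {@link UserAuthentication}. Any other
 * outcome — no header, unknown scheme, undecodable payload, missing {@code ':'} or a
 * failed login — sends a {@code 401} with a {@code WWW-Authenticate: basic} challenge
 * naming the login service as the realm, unless the response is deferred.
 *
 * @param req       the servlet request (cast to {@link HttpServletRequest})
 * @param res       the servlet response (cast to {@link HttpServletResponse})
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails with an {@link IOException}
 * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        if (!mandatory)
            return new DeferredAuthentication(this);
        if (credentials != null) {
            int space = credentials.indexOf(' ');
            if (space > 0) {
                String method = credentials.substring(0, space);
                // Scheme names are case-insensitive (RFC 7617 / RFC 7235).
                if ("basic".equalsIgnoreCase(method)) {
                    String decoded = decodeBasicCredentials(credentials.substring(space + 1));
                    if (decoded != null) {
                        // The first ':' separates user name and password; an empty user name
                        // (leading ':') is rejected, an empty password is allowed.
                        int i = decoded.indexOf(':');
                        if (i > 0) {
                            String username = decoded.substring(0, i);
                            String password = decoded.substring(i + 1);
                            UserIdentity user = login(username, password, request);
                            if (user != null) {
                                return new UserAuthentication(getAuthMethod(), user);
                            }
                        }
                    }
                }
            }
        }
        // Everything short of a successful login ends in the challenge below.
        if (DeferredAuthentication.isDeferred(response))
            return Authentication.UNAUTHENTICATED;
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return Authentication.SEND_CONTINUE;
    } catch (IOException e) {
        throw new ServerAuthException(e);
    }
}

/**
 * Decodes the Base64 payload of a Basic credentials header.
 *
 * @param encoded the header value after the scheme name and separating space
 * @return the decoded {@code user:password} text, or {@code null} if the payload is not
 *         valid Base64
 */
private static String decodeBasicCredentials(String encoded) {
    try {
        return B64Code.decode(encoded, StandardCharsets.ISO_8859_1);
    } catch (IllegalArgumentException e) {
        // A malformed payload from the client is a bad credential, not a server fault:
        // returning null routes it to the 401 challenge instead of an unhandled exception.
        return null;
    }
}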

Example 13 with ServerAuthException

use of org.eclipse.jetty.security.ServerAuthException in project jetty.project by eclipse.

The class ClientCertAuthenticator, method validateRequest.

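/**
 * Validates the request using the TLS client certificate chain.
 * <p>
 * The chain is read from the {@code javax.servlet.request.X509Certificate} request
 * attribute. When {@code _validateCerts} is set the chain is first checked against the
 * configured trust store and CRLs. The certificates are then tried in order: the subject DN
 * (falling back to the issuer DN, then to {@code "clientcert"}) is used as the user name and
 * the Base64-encoded certificate signature as the credential passed to {@link #login}. The
 * first successful login yields a {@link UserAuthentication}; without one the response is
 * {@code 403 Forbidden} unless it is deferred.
 *
 * @param req       the servlet request (cast to {@link HttpServletRequest})
 * @param res       the servlet response (cast to {@link HttpServletResponse})
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if loading the trust store or CRLs, validating the chain, or
 *                             sending the error response fails; the original exception is
 *                             kept as the cause
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // Populated by the container from the TLS handshake; null when no client cert was presented.
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs != null && certs.length > 0) {
            if (_validateCerts) {
                // NOTE(review): _trustStorePassword is presumably a credential wrapper whose
                // toString() yields the clear password — confirm against the field declaration.
                KeyStore trustStore = getKeyStore(_trustStorePath, _trustStoreType, _trustStoreProvider, _trustStorePassword == null ? null : _trustStorePassword.toString());
                Collection<? extends CRL> crls = loadCRL(_crlPath);
                CertificateValidator validator = new CertificateValidator(trustStore, crls);
                validator.validate(certs);
            }
            for (X509Certificate cert : certs) {
                if (cert == null)
                    continue;
                // getSubjectDN()/getIssuerDN() are deprecated in favour of the X500Principal
                // accessors, but those render names in a different format; switching would
                // change the user names a LoginService has to contain, so they are kept.
                Principal principal = cert.getSubjectDN();
                if (principal == null)
                    principal = cert.getIssuerDN();
                final String username = principal == null ? "clientcert" : principal.getName();
                final char[] credential = B64Code.encode(cert.getSignature());
                UserIdentity user = login(username, credential, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
        if (!DeferredAuthentication.isDeferred(response)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
        // Keep the cause: the message alone loses the stack trace and the exception type
        // (trust-store I/O, CRL loading, chain validation, or the sendError IOException).
        // NOTE(review): a chain that fails validation also lands here and is reported as a
        // server-side auth error rather than as SEND_FAILURE — worth a deliberate decision.
        throw new ServerAuthException(e.getMessage(), e);
    }
}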

Example 14 with ServerAuthException

use of org.eclipse.jetty.security.ServerAuthException in project blade by biezhi.

The class SpnegoAuthenticator, method validateRequest.

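/**
 * Validates the request against the SPNEGO ({@code Negotiate}) scheme.
 * <p>
 * When authentication is not mandatory the decision is deferred. Without an
 * {@code Authorization} header a {@code WWW-Authenticate: Negotiate} challenge is sent
 * (unless the response is deferred). A {@code Negotiate <token>} header is handed to
 * {@link #login} and a successful login yields a {@link UserAuthentication}; every other
 * outcome is {@link Authentication#UNAUTHENTICATED}.
 *
 * @param request   the servlet request (cast to {@link HttpServletRequest})
 * @param response  the servlet response (cast to {@link HttpServletResponse})
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails with an {@link IOException}
 */
@Override
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());
    if (!mandatory) {
        return new DeferredAuthentication(this);
    }
    // check to see if we have authorization headers required to continue
    if (header == null) {
        try {
            if (DeferredAuthentication.isDeferred(res)) {
                return Authentication.UNAUTHENTICATED;
            }
            LOG.debug("SpengoAuthenticator: sending challenge");
            res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        } catch (IOException ioe) {
            throw new ServerAuthException(ioe);
        }
    }
    // The scheme comparison is case-sensitive here (RFC 7235 treats scheme names as
    // case-insensitive); kept as-is so the accepted input does not change.
    String scheme = HttpHeader.NEGOTIATE.asString();
    if (header.startsWith(scheme)) {
        // The token starts after "<scheme> ". Tie the offset to the scheme length and require
        // the separating space: a bare "Negotiate" header (no space, no token) used to hit
        // substring() past the end of the string and surface as an unhandled runtime
        // exception instead of a plain "not authenticated" result.
        int schemeLength = scheme.length();
        if (header.length() > schemeLength && header.charAt(schemeLength) == ' ') {
            String spnegoToken = header.substring(schemeLength + 1).trim();
            if (!spnegoToken.isEmpty()) {
                // NOTE(review): login() is defined outside this view; it is assumed to treat the
                // second argument as the raw SPNEGO token — confirm against the class body.
                UserIdentity user = login(null, spnegoToken, request);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
    }
    return Authentication.UNAUTHENTICATED;
}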

Example 15 with ServerAuthException

use of org.eclipse.jetty.security.ServerAuthException in project blade by biezhi.

The class ClientCertAuthenticator, method validateRequest.

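/**
 * Validates the request using the TLS client certificate chain.
 * <p>
 * The chain is read from the {@code javax.servlet.request.X509Certificate} request
 * attribute. When {@code _validateCerts} is set the chain is first checked against the
 * configured trust store and CRLs. The certificates are then tried in order: the subject DN
 * (falling back to the issuer DN, then to {@code "clientcert"}) is used as the user name and
 * the Base64-encoded certificate signature as the credential passed to {@link #login}. The
 * first successful login yields a {@link UserAuthentication}; without one the response is
 * {@code 403 Forbidden} unless it is deferred.
 *
 * @param req       the servlet request (cast to {@link HttpServletRequest})
 * @param res       the servlet response (cast to {@link HttpServletResponse})
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if loading the trust store or CRLs, validating the chain, or
 *                             sending the error response fails; the original exception is
 *                             kept as the cause
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // Populated by the container from the TLS handshake; null when no client cert was presented.
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs != null && certs.length > 0) {
            if (_validateCerts) {
                // NOTE(review): _trustStorePassword is presumably a credential wrapper whose
                // toString() yields the clear password — confirm against the field declaration.
                KeyStore trustStore = getKeyStore(_trustStorePath, _trustStoreType, _trustStoreProvider, _trustStorePassword == null ? null : _trustStorePassword.toString());
                Collection<? extends CRL> crls = loadCRL(_crlPath);
                CertificateValidator validator = new CertificateValidator(trustStore, crls);
                validator.validate(certs);
            }
            for (X509Certificate cert : certs) {
                if (cert == null)
                    continue;
                // getSubjectDN()/getIssuerDN() are deprecated in favour of the X500Principal
                // accessors, but those render names in a different format; switching would
                // change the user names a LoginService has to contain, so they are kept.
                Principal principal = cert.getSubjectDN();
                if (principal == null)
                    principal = cert.getIssuerDN();
                final String username = principal == null ? "clientcert" : principal.getName();
                final char[] credential = B64Code.encode(cert.getSignature());
                UserIdentity user = login(username, credential, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
        if (!DeferredAuthentication.isDeferred(response)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
        // Keep the cause: the message alone loses the stack trace and the exception type
        // (trust-store I/O, CRL loading, chain validation, or the sendError IOException).
        // NOTE(review): a chain that fails validation also lands here and is reported as a
        // server-side auth error rather than as SEND_FAILURE — worth a deliberate decision.
        throw new ServerAuthException(e.getMessage(), e);
    }
}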
