
Example 6 with UserAuthentication

use of org.eclipse.jetty.security.UserAuthentication in project blade by biezhi.

the class ClientCertAuthenticator method validateRequest.

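/**
 * Authenticates the request from the client certificate chain the container exposed
 * under the {@code javax.servlet.request.X509Certificate} request attribute.
 *
 * <p>When {@code mandatory} is false the decision is deferred. Otherwise the chain is
 * optionally validated against the configured trust store and CRLs, and the first
 * certificate whose subject (or, failing that, issuer) name logs in through
 * {@code login} yields a {@link UserAuthentication}. If no certificate logs in, a 403 is
 * sent unless the response is deferred.
 *
 * @param req       the servlet request; cast to {@link HttpServletRequest}
 * @param res       the servlet response; cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if trust-store loading, chain validation or sending the
 *                             error response fails; the underlying exception is kept
 *                             as the cause
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs != null && certs.length > 0) {
            if (_validateCerts) {
                // Chain validation (trust anchors + CRLs) runs before any login attempt,
                // so an untrusted chain never reaches the login service.
                KeyStore trustStore = getKeyStore(_trustStorePath, _trustStoreType, _trustStoreProvider, _trustStorePassword == null ? null : _trustStorePassword.toString());
                Collection<? extends CRL> crls = loadCRL(_crlPath);
                CertificateValidator validator = new CertificateValidator(trustStore, crls);
                validator.validate(certs);
            }
            for (X509Certificate cert : certs) {
                if (cert == null)
                    continue;
                Principal principal = cert.getSubjectDN();
                if (principal == null)
                    principal = cert.getIssuerDN();
                final String username = principal == null ? "clientcert" : principal.getName();
                // The Base64 certificate signature is what the login service receives as the credential.
                final char[] credential = B64Code.encode(cert.getSignature());
                UserIdentity user = login(username, credential, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
        if (!DeferredAuthentication.isDeferred(response)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
        // Keep the original exception as the cause; the message alone hides why
        // trust-store loading or chain validation failed.
        throw new ServerAuthException(e.getMessage(), e);
    }
}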

Example 7 with UserAuthentication

use of org.eclipse.jetty.security.UserAuthentication in project blade by biezhi.

the class DigestAuthenticator method validateRequest.

/**
 * Validates an HTTP Digest {@code Authorization} header against the login service.
 *
 * <p>Deferred when {@code mandatory} is false. Otherwise the header, if present, is
 * tokenized into a {@code Digest} (username, realm, nonce, nc, cnonce, qop, uri,
 * response), the nonce is checked, and a successful login yields a
 * {@link UserAuthentication}. When no user results and the response is not deferred,
 * a fresh {@code WWW-Authenticate: Digest} challenge is sent with a 401;
 * {@code stale=true} is advertised when the nonce check returned 0.
 *
 * @param req       the servlet request; cast to {@link HttpServletRequest} and, for
 *                  nonce handling, to the Jetty {@code Request}
 * @param res       the servlet response; cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String authorization = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        boolean nonceStale = false;
        if (authorization != null) {
            // NOTE(review): this writes the complete Authorization header (username, nonce,
            // response hash) to the debug log; keep debug logging off in production or redact.
            if (LOG.isDebugEnabled())
                LOG.debug("Credentials: " + authorization);
            QuotedStringTokenizer tokens = new QuotedStringTokenizer(authorization, "=, ", true, false);
            final Digest digest = new Digest(request.getMethod());
            // Small state machine: a '=' token turns the previous bare token into a pending
            // parameter name; the next non-separator token is its value.
            String previous = null;
            String pendingName = null;
            while (tokens.hasMoreTokens()) {
                String tok = tokens.nextToken();
                char separator = (tok.length() == 1) ? tok.charAt(0) : '\0';
                if (separator == '=') {
                    pendingName = previous;
                    previous = tok;
                } else if (separator == ',') {
                    pendingName = null;
                } else if (separator != ' ') {
                    previous = tok;
                    if (pendingName != null) {
                        // Parameter names match case-insensitively; unknown names are ignored.
                        if ("username".equalsIgnoreCase(pendingName))
                            digest.username = tok;
                        else if ("realm".equalsIgnoreCase(pendingName))
                            digest.realm = tok;
                        else if ("nonce".equalsIgnoreCase(pendingName))
                            digest.nonce = tok;
                        else if ("nc".equalsIgnoreCase(pendingName))
                            digest.nc = tok;
                        else if ("cnonce".equalsIgnoreCase(pendingName))
                            digest.cnonce = tok;
                        else if ("qop".equalsIgnoreCase(pendingName))
                            digest.qop = tok;
                        else if ("uri".equalsIgnoreCase(pendingName))
                            digest.uri = tok;
                        else if ("response".equalsIgnoreCase(pendingName))
                            digest.response = tok;
                        pendingName = null;
                    }
                }
            }
            int nonceStatus = checkNonce(digest, (Request) request);
            if (nonceStatus > 0) {
                UserIdentity user = login(digest.username, digest, req);
                if (user != null)
                    return new UserAuthentication(getAuthMethod(), user);
            } else {
                // A nonce status of exactly 0 is reported back to the client as stale=true.
                nonceStale = (nonceStatus == 0);
            }
        }
        if (DeferredAuthentication.isDeferred(response))
            return Authentication.UNAUTHENTICATED;
        String domain = request.getContextPath();
        if (domain == null)
            domain = "/";
        StringBuilder challenge = new StringBuilder("Digest realm=\"");
        challenge.append(_loginService.getName());
        challenge.append("\", domain=\"").append(domain);
        challenge.append("\", nonce=\"").append(newNonce((Request) request));
        challenge.append("\", algorithm=MD5, qop=\"auth\",");
        challenge.append(" stale=").append(nonceStale);
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), challenge.toString());
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return Authentication.SEND_CONTINUE;
    } catch (IOException e) {
        throw new ServerAuthException(e);
    }
}

Example 8 with UserAuthentication

use of org.eclipse.jetty.security.UserAuthentication in project jetty.project by eclipse.

the class DigestAuthenticator method validateRequest.

/**
 * Validates an HTTP Digest {@code Authorization} header against the login service.
 *
 * <p>Deferred when {@code mandatory} is false. Otherwise the header, if present, is
 * tokenized into a {@code Digest} (username, realm, nonce, nc, cnonce, qop, uri,
 * response), the nonce is checked, and a successful login yields a
 * {@link UserAuthentication}. When no user results and the response is not deferred,
 * a fresh {@code WWW-Authenticate: Digest} challenge is sent with a 401;
 * {@code stale=true} is advertised when the nonce check returned 0.
 *
 * @param req       the servlet request; cast to {@link HttpServletRequest} and, for
 *                  nonce handling, to the Jetty {@code Request}
 * @param res       the servlet response; cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String authorization = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        boolean nonceStale = false;
        if (authorization != null) {
            // NOTE(review): this writes the complete Authorization header (username, nonce,
            // response hash) to the debug log; keep debug logging off in production or redact.
            if (LOG.isDebugEnabled())
                LOG.debug("Credentials: " + authorization);
            QuotedStringTokenizer tokens = new QuotedStringTokenizer(authorization, "=, ", true, false);
            final Digest digest = new Digest(request.getMethod());
            // Small state machine: a '=' token turns the previous bare token into a pending
            // parameter name; the next non-separator token is its value.
            String previous = null;
            String pendingName = null;
            while (tokens.hasMoreTokens()) {
                String tok = tokens.nextToken();
                char separator = (tok.length() == 1) ? tok.charAt(0) : '\0';
                if (separator == '=') {
                    pendingName = previous;
                    previous = tok;
                } else if (separator == ',') {
                    pendingName = null;
                } else if (separator != ' ') {
                    previous = tok;
                    if (pendingName != null) {
                        // Parameter names match case-insensitively; unknown names are ignored.
                        if ("username".equalsIgnoreCase(pendingName))
                            digest.username = tok;
                        else if ("realm".equalsIgnoreCase(pendingName))
                            digest.realm = tok;
                        else if ("nonce".equalsIgnoreCase(pendingName))
                            digest.nonce = tok;
                        else if ("nc".equalsIgnoreCase(pendingName))
                            digest.nc = tok;
                        else if ("cnonce".equalsIgnoreCase(pendingName))
                            digest.cnonce = tok;
                        else if ("qop".equalsIgnoreCase(pendingName))
                            digest.qop = tok;
                        else if ("uri".equalsIgnoreCase(pendingName))
                            digest.uri = tok;
                        else if ("response".equalsIgnoreCase(pendingName))
                            digest.response = tok;
                        pendingName = null;
                    }
                }
            }
            int nonceStatus = checkNonce(digest, (Request) request);
            if (nonceStatus > 0) {
                UserIdentity user = login(digest.username, digest, req);
                if (user != null)
                    return new UserAuthentication(getAuthMethod(), user);
            } else {
                // A nonce status of exactly 0 is reported back to the client as stale=true.
                nonceStale = (nonceStatus == 0);
            }
        }
        if (DeferredAuthentication.isDeferred(response))
            return Authentication.UNAUTHENTICATED;
        String domain = request.getContextPath();
        if (domain == null)
            domain = "/";
        StringBuilder challenge = new StringBuilder("Digest realm=\"");
        challenge.append(_loginService.getName());
        challenge.append("\", domain=\"").append(domain);
        challenge.append("\", nonce=\"").append(newNonce((Request) request));
        challenge.append("\", algorithm=MD5, qop=\"auth\",");
        challenge.append(" stale=").append(nonceStale);
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), challenge.toString());
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return Authentication.SEND_CONTINUE;
    } catch (IOException e) {
        throw new ServerAuthException(e);
    }
}

Example 9 with UserAuthentication

use of org.eclipse.jetty.security.UserAuthentication in project jetty.project by eclipse.

the class SpnegoAuthenticator method validateRequest.

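/**
 * Validates an HTTP {@code Negotiate} (SPNEGO) {@code Authorization} header.
 *
 * <p>Deferred when {@code mandatory} is false. With no {@code Authorization} header a
 * {@code WWW-Authenticate: Negotiate} challenge is sent with a 401 (unless the response
 * is deferred). A header of the form {@code "Negotiate <token>"} has its token passed to
 * {@code login}; a resulting identity yields a {@link UserAuthentication}. Any other
 * header value leaves the request unauthenticated without a new challenge.
 *
 * @param request   the servlet request; cast to {@link HttpServletRequest}
 * @param response  the servlet response; cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails
 */
@Override
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());
    if (!mandatory) {
        return new DeferredAuthentication(this);
    }
    // check to see if we have authorization headers required to continue
    if (header == null) {
        try {
            if (DeferredAuthentication.isDeferred(res)) {
                return Authentication.UNAUTHENTICATED;
            }
            LOG.debug("SpengoAuthenticator: sending challenge");
            res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        } catch (IOException ioe) {
            throw new ServerAuthException(ioe);
        }
    }
    // The scheme must be followed by a space and a non-empty token. A bare "Negotiate"
    // header previously reached substring(10) and failed with an unchecked
    // StringIndexOutOfBoundsException instead of being treated as unauthenticated.
    String prefix = HttpHeader.NEGOTIATE.asString() + " ";
    if (header.startsWith(prefix) && header.length() > prefix.length()) {
        String spnegoToken = header.substring(prefix.length());
        UserIdentity user = login(null, spnegoToken, request);
        if (user != null) {
            return new UserAuthentication(getAuthMethod(), user);
        }
    }
    // A present but unusable header is not re-challenged here (unchanged behaviour).
    return Authentication.UNAUTHENTICATED;
}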

Example 10 with UserAuthentication

use of org.eclipse.jetty.security.UserAuthentication in project jetty.project by eclipse.

the class BasicAuthenticator method validateRequest.

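/* ------------------------------------------------------------ */
/**
 * Validates an HTTP Basic {@code Authorization} header against the login service.
 *
 * <p>Deferred when {@code mandatory} is false. A header of the form
 * {@code "Basic <base64(user:password)>"} is decoded as ISO-8859-1 and split at the
 * first {@code ':'}; a successful login yields a {@link UserAuthentication}. Otherwise,
 * unless the response is deferred, a {@code WWW-Authenticate: basic} challenge is sent
 * with a 401. A payload that is not valid Base64 is treated like an absent credential
 * and falls through to the challenge rather than surfacing as an unchecked exception.
 *
 * @param req       the servlet request; cast to {@link HttpServletRequest}
 * @param res       the servlet response; cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if sending the challenge fails
 * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        if (!mandatory)
            return new DeferredAuthentication(this);
        if (credentials != null) {
            int space = credentials.indexOf(' ');
            if (space > 0) {
                String method = credentials.substring(0, space);
                if ("basic".equalsIgnoreCase(method)) {
                    String decoded = null;
                    try {
                        // The payload after the scheme is Base64 of "user:password", read as ISO-8859-1.
                        decoded = B64Code.decode(credentials.substring(space + 1), StandardCharsets.ISO_8859_1);
                    } catch (IllegalArgumentException ignored) {
                        // B64Code rejects malformed Base64 with an unchecked exception; treat it
                        // as no credentials so the client receives the 401 challenge below.
                    }
                    if (decoded != null) {
                        int i = decoded.indexOf(':');
                        // i > 0 requires a non-empty username; the password may be empty.
                        if (i > 0) {
                            String username = decoded.substring(0, i);
                            String password = decoded.substring(i + 1);
                            UserIdentity user = login(username, password, request);
                            if (user != null) {
                                return new UserAuthentication(getAuthMethod(), user);
                            }
                        }
                    }
                }
            }
        }
        if (DeferredAuthentication.isDeferred(response))
            return Authentication.UNAUTHENTICATED;
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return Authentication.SEND_CONTINUE;
    } catch (IOException e) {
        throw new ServerAuthException(e);
    }
}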
