
Example 6 with DeferredAuthentication

use of org.eclipse.jetty.security.authentication.DeferredAuthentication in project drill by apache.

From the class DrillSpnegoAuthenticator, method authenticateSession.

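/**
 * Authenticates a user session from the SPNEGO token carried in the request's
 * {@code Authorization: Negotiate <token>} header.
 * <p>
 * Flow:
 * <ol>
 *   <li>If authentication is not mandatory, defer it; the header is not inspected.</li>
 *   <li>If the header is absent, send a {@code 401} with {@code WWW-Authenticate: Negotiate}
 *       (unless the response is a deferred one, in which case only report unauthenticated).</li>
 *   <li>If the header carries a Negotiate token, hand it to {@link #login} and, on success,
 *       redirect the client to the URI saved in the session by the form login (falling back to
 *       the context path, then the web-server root) and return the authenticated user.</li>
 *   <li>Anything else (non-Negotiate scheme, malformed or empty token, failed login) is
 *       reported as {@link Authentication#UNAUTHENTICATED} without a fresh challenge.</li>
 * </ol>
 *
 * @param request   the servlet request; must be an {@link HttpServletRequest}
 * @param response  the servlet response; must be an {@link HttpServletResponse}
 * @param mandatory whether the security constraint requires authentication for this request
 * @return the resulting {@link Authentication} state
 * @throws ServerAuthException if writing the challenge or the redirect to the client fails
 */
private Authentication authenticateSession(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
    final HttpServletRequest req = (HttpServletRequest) request;
    final HttpServletResponse res = (HttpServletResponse) response;
    // A session is created eagerly so the post-login redirect target can be read from it below.
    final HttpSession session = req.getSession(true);

    // Defer the authentication if not mandatory.
    if (!mandatory) {
        return new DeferredAuthentication(this);
    }

    // Authentication is mandatory, get the Authorization header
    final String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());

    // Authorization header is null, so send the 401 error code to client along with negotiate header
    if (header == null) {
        try {
            if (DeferredAuthentication.isDeferred(res)) {
                return Authentication.UNAUTHENTICATED;
            }
            res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
            res.sendError(401);
            logger.debug("DrillSpnegoAuthenticator: Sending challenge to client {}", req.getRemoteAddr());
            return Authentication.SEND_CONTINUE;
        } catch (IOException e) {
            logger.error("DrillSpnegoAuthenticator: Failed while sending challenge to client {}", req.getRemoteAddr(), e);
            throw new ServerAuthException(e);
        }
    }

    // An Authorization header is present: extract the SPNEGO token (if it is a Negotiate credential)
    // and try to authenticate with it.
    logger.debug("DrillSpnegoAuthenticator: Received NEGOTIATE Response back from client {}", req.getRemoteAddr());
    final String spnegoToken = extractNegotiateToken(header);
    if (spnegoToken != null) {
        final UserIdentity user = this.login(null, spnegoToken, request);
        if (user != null) {
            // Redirect to the page the client originally asked for, else the context root.
            // "form_URI" is a server-side session attribute (the key Jetty's form login uses), not
            // something taken from this request, so the client cannot pick the redirect target
            // directly — verify whatever writes that attribute if this assumption changes.
            String newUri = (String) session.getAttribute("org.eclipse.jetty.security.form_URI");
            if (Strings.isNullOrEmpty(newUri)) {
                newUri = req.getContextPath();
                if (Strings.isNullOrEmpty(newUri)) {
                    newUri = WebServerConstants.WEBSERVER_ROOT_PATH;
                }
            }
            // NOTE(review): the session id created before authentication is kept after login. If this
            // session is later used to carry the authenticated state, renewing it here would close the
            // session-fixation window — confirm against the enclosing class.
            response.setContentLength(0);
            final Request baseRequest = Request.getBaseRequest(req);
            // HTTP/1.0 clients do not know 303, so fall back to 302 for them.
            final int redirectCode =
                baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? 302 : 303;
            try {
                baseRequest.getResponse().sendRedirect(redirectCode, res.encodeRedirectURL(newUri));
            } catch (IOException e) {
                logger.error("DrillSpnegoAuthenticator: Failed while using the redirect URL {} from client {}", newUri, req.getRemoteAddr(), e);
                throw new ServerAuthException(e);
            }
            logger.debug("DrillSpnegoAuthenticator: Successfully authenticated this client session: {}", user.getUserPrincipal().getName());
            return new UserAuthentication(this.getAuthMethod(), user);
        }
    }

    // No usable Negotiate token, or the token did not authenticate. No new challenge is sent here;
    // how a mandatory request with UNAUTHENTICATED is treated is decided by the caller — confirm it denies access.
    logger.debug("DrillSpnegoAuthenticator: Authentication failed for client session: {}", req.getRemoteAddr());
    return Authentication.UNAUTHENTICATED;
}

/**
 * Extracts the SPNEGO token from an {@code Authorization} header value.
 * <p>
 * The value must be the {@code Negotiate} scheme followed by a whitespace separator and a
 * non-empty token. A bare {@code "Negotiate"} (which previously caused an out-of-range
 * {@code substring} and an unhandled exception for the client request), a longer word that
 * merely starts with {@code "Negotiate"}, and an empty token are all rejected.
 *
 * @param header the raw header value, never null
 * @return the trimmed token, or {@code null} if the header is not a usable Negotiate credential
 */
private static String extractNegotiateToken(final String header) {
    final String scheme = HttpHeader.NEGOTIATE.asString();
    final int schemeLength = scheme.length();
    // Auth-scheme names compare case-insensitively (RFC 7235 §2.1).
    if (header.length() <= schemeLength
            || !header.regionMatches(true, 0, scheme, 0, schemeLength)
            || !Character.isWhitespace(header.charAt(schemeLength))) {
        return null;
    }
    // A valid base64 token carries no whitespace, so trimming only drops separator padding.
    final String token = header.substring(schemeLength + 1).trim();
    return token.isEmpty() ? null : token;
}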
