Use of org.eclipse.jetty.security.authentication.DeferredAuthentication in project drill by apache.
The method authenticateSession of the class DrillSpnegoAuthenticator.
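/**
 * Authenticates a user session using the SPNEGO token passed in the AUTHORIZATION header of the request.
 *
 * <p>Outcomes, in the order they are checked:
 * <ul>
 *   <li>{@code mandatory} is false: a {@link DeferredAuthentication} is returned without reading the header.</li>
 *   <li>No AUTHORIZATION header: unless the response is a deferred one, a 401 carrying the NEGOTIATE
 *       challenge in the WWW_AUTHENTICATE header is sent and {@code Authentication.SEND_CONTINUE} is
 *       returned; for a deferred response {@code Authentication.UNAUTHENTICATED} is returned.</li>
 *   <li>A well-formed NEGOTIATE header whose token is accepted by {@code login}: the client is redirected
 *       and a {@link UserAuthentication} is returned.</li>
 *   <li>Anything else (another scheme, a NEGOTIATE header without a token, a rejected token):
 *       {@code Authentication.UNAUTHENTICATED}.</li>
 * </ul>
 *
 * @param request the incoming request; it is cast to {@link HttpServletRequest}
 * @param response the outgoing response; it is cast to {@link HttpServletResponse}
 * @param mandatory whether authentication must be performed now; when false it is deferred
 * @return the authentication state described above
 * @throws ServerAuthException if sending the challenge or the post-login redirect fails with an IOException
 */
private Authentication authenticateSession(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
  final HttpServletRequest req = (HttpServletRequest) request;
  final HttpServletResponse res = (HttpServletResponse) response;
  // The session is obtained (and created if absent) before the mandatory check, so
  // unauthenticated and deferred requests get one as well.
  final HttpSession session = req.getSession(true);

  // Defer the authentication if not mandatory.
  if (!mandatory) {
    return new DeferredAuthentication(this);
  }

  // Authentication is mandatory, get the Authorization header
  final String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());

  // Authorization header is null, so send the 401 error code to client along with negotiate header
  if (header == null) {
    try {
      if (DeferredAuthentication.isDeferred(res)) {
        return Authentication.UNAUTHENTICATED;
      } else {
        res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
        res.sendError(401);
        logger.debug("DrillSpnegoAuthenticator: Sending challenge to client {}", req.getRemoteAddr());
        return Authentication.SEND_CONTINUE;
      }
    } catch (IOException e) {
      logger.error("DrillSpnegoAuthenticator: Failed while sending challenge to client {}", req.getRemoteAddr(), e);
      throw new ServerAuthException(e);
    }
  }

  // An Authorization header was received; it is not yet known to be a NEGOTIATE header.
  logger.debug("DrillSpnegoAuthenticator: Received NEGOTIATE Response back from client {}", req.getRemoteAddr());
  final String negotiateString = HttpHeader.NEGOTIATE.asString();
  final int schemeLength = negotiateString.length();

  // The header value is client-controlled and arrives before any authentication. A value that is
  // exactly the scheme name, or that has no single-space separator followed by a token, must be
  // rejected here: substring(schemeLength + 1) would otherwise throw StringIndexOutOfBoundsException
  // on the bare scheme and silently drop a character of anything glued to the scheme name.
  final boolean hasToken = header.startsWith(negotiateString)
      && header.length() > schemeLength + 1
      && header.charAt(schemeLength) == ' ';

  if (hasToken) {
    final String spnegoToken = header.substring(schemeLength + 1);
    final UserIdentity user = this.login(null, spnegoToken, request);

    // redirect the request to the desired page after successful login
    if (user != null) {
      // NOTE(review): the redirect target is read back from the session, not from this request.
      // Confirm that the code storing this attribute only ever stores paths of this application.
      // NOTE(review): the session id is not renewed in this method; confirm login() does so.
      String newUri = (String) session.getAttribute("org.eclipse.jetty.security.form_URI");
      if (Strings.isNullOrEmpty(newUri)) {
        newUri = req.getContextPath();
        if (Strings.isNullOrEmpty(newUri)) {
          newUri = WebServerConstants.WEBSERVER_ROOT_PATH;
        }
      }

      response.setContentLength(0);
      Request baseRequest = Request.getBaseRequest(req);
      // Clients older than HTTP/1.1 get 302; everything else gets 303.
      int redirectCode = baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? 302 : 303;
      try {
        baseRequest.getResponse().sendRedirect(redirectCode, res.encodeRedirectURL(newUri));
      } catch (IOException e) {
        logger.error("DrillSpnegoAuthenticator: Failed while using the redirect URL {} from client {}", newUri, req.getRemoteAddr(), e);
        throw new ServerAuthException(e);
      }

      logger.debug("DrillSpnegoAuthenticator: Successfully authenticated this client session: {}", user.getUserPrincipal().getName());
      return new UserAuthentication(this.getAuthMethod(), user);
    }
  }

  // Failed attempts are recorded at debug level only, so they are absent from logs at the
  // default level; keep that in mind when relying on these logs to spot repeated failures.
  logger.debug("DrillSpnegoAuthenticator: Authentication failed for client session: {}", req.getRemoteAddr());
  return Authentication.UNAUTHENTICATED;
}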