
Example 11 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project blade by biezhi.

Usage in class ClientCertAuthenticator, method validateRequest.

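@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    // A non-mandatory constraint defers authentication until something actually asks for the user.
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // The client certificate chain is published by the TLS connector under the standard servlet
    // attribute; it is absent when no client certificate was requested or presented.
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs != null && certs.length > 0) {
            if (_validateCerts) {
                // NOTE(review): the trust store and CRLs are re-read from disk on every request that
                // reaches this point; whether the connector already validated the chain at the TLS
                // layer is not visible here, so this check should not be assumed redundant.
                KeyStore trustStore = getKeyStore(_trustStorePath, _trustStoreType, _trustStoreProvider, _trustStorePassword == null ? null : _trustStorePassword.toString());
                Collection<? extends CRL> crls = loadCRL(_crlPath);
                CertificateValidator validator = new CertificateValidator(trustStore, crls);
                validator.validate(certs);
            }
            // Every certificate of the presented chain is tried in order, not only the leaf, so the
            // login service may also be consulted with an intermediate/issuer DN. The first entry
            // the login service recognises wins.
            for (X509Certificate cert : certs) {
                if (cert == null)
                    continue;
                // getSubjectDN() is deprecated in favour of getSubjectX500Principal(), but the
                // string form of the DN is what realms are keyed on, so it is kept as-is.
                Principal principal = cert.getSubjectDN();
                if (principal == null)
                    principal = cert.getIssuerDN();
                final String username = principal == null ? "clientcert" : principal.getName();
                // The "credential" handed to the login service is the base64 of the certificate's
                // signature bytes: it is public data that identifies this exact certificate, not a
                // secret. Proof of possession of the private key happened in the TLS handshake.
                final char[] credential = B64Code.encode(cert.getSignature());
                UserIdentity user = login(username, credential, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
        // No usable certificate, or none the login service accepted: reject unless deferred.
        if (!DeferredAuthentication.isDeferred(response)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
        // Preserve the cause: propagating only e.getMessage() threw away the stack trace of the
        // validation or login failure, which is exactly what an operator needs to diagnose it.
        throw new ServerAuthException(e);
    }
}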
Also used : CertificateValidator(org.eclipse.jetty.util.security.CertificateValidator) UserIdentity(org.eclipse.jetty.server.UserIdentity) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) HttpServletRequest(javax.servlet.http.HttpServletRequest) Principal(java.security.Principal)

Example 12 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project blade by biezhi.

Usage in class DigestAuthenticator, method validateRequest.

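@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    // A non-mandatory constraint defers authentication until something actually asks for the user.
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        boolean stale = false;
        if (credentials != null) {
            final Digest digest = parseDigestHeader(credentials, request.getMethod());
            // Log only the claimed username. The raw Authorization header carries the digest
            // "response" value, which is derived from the password and can be guessed offline
            // given the rest of the header, so it must not be written to logs.
            if (LOG.isDebugEnabled())
                LOG.debug("Digest credentials presented for username: " + digest.username);
            // checkNonce: > 0 nonce accepted, == 0 nonce is stale (client should retry), < 0 rejected.
            int n = checkNonce(digest, (Request) request);
            if (n > 0) {
                UserIdentity user = login(digest.username, digest, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            } else if (n == 0)
                stale = true;
        }
        if (!DeferredAuthentication.isDeferred(response)) {
            String domain = request.getContextPath();
            if (domain == null)
                domain = "/";
            // NOTE(review): MD5 is the only algorithm offered in this challenge; a stronger digest
            // algorithm cannot be negotiated by clients that would support one.
            response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "Digest realm=\"" + _loginService.getName() + "\", domain=\"" + domain + "\", nonce=\"" + newNonce((Request) request) + "\", algorithm=MD5, qop=\"auth\"," + " stale=" + stale);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (IOException e) {
        throw new ServerAuthException(e);
    }
}

/**
 * Parses the comma-separated {@code name=value} parameters of a Digest Authorization header
 * into a {@link Digest} for the given request method. Unknown parameter names are ignored;
 * a parameter that appears twice keeps its last value. The header is untrusted client input,
 * so the parsed fields must be treated as attacker-controlled until checkNonce/login accept them.
 *
 * @param credentials the raw Authorization header value (non-null)
 * @param method the HTTP method of the request, needed for the digest computation
 * @return the populated digest; fields absent from the header stay at their defaults
 */
private Digest parseDigestHeader(String credentials, String method) {
    QuotedStringTokenizer tokenizer = new QuotedStringTokenizer(credentials, "=, ", true, false);
    final Digest digest = new Digest(method);
    String last = null;
    String name = null;
    while (tokenizer.hasMoreTokens()) {
        String tok = tokenizer.nextToken();
        // Single-character tokens are the delimiters we asked the tokenizer to return.
        char c = (tok.length() == 1) ? tok.charAt(0) : '\0';
        switch (c) {
            case '=':
                // The token before '=' was the parameter name.
                name = last;
                last = tok;
                break;
            case ',':
                name = null;
                break;
            case ' ':
                break;
            default:
                last = tok;
                if (name != null) {
                    assignDigestField(digest, name, tok);
                    name = null;
                }
        }
    }
    return digest;
}

/**
 * Stores one parsed header parameter on the digest, matching the name case-insensitively.
 *
 * @param digest the digest being populated
 * @param name the parameter name from the header
 * @param value the parameter value from the header
 */
private void assignDigestField(Digest digest, String name, String value) {
    if ("username".equalsIgnoreCase(name))
        digest.username = value;
    else if ("realm".equalsIgnoreCase(name))
        digest.realm = value;
    else if ("nonce".equalsIgnoreCase(name))
        digest.nonce = value;
    else if ("nc".equalsIgnoreCase(name))
        digest.nc = value;
    else if ("cnonce".equalsIgnoreCase(name))
        digest.cnonce = value;
    else if ("qop".equalsIgnoreCase(name))
        digest.qop = value;
    else if ("uri".equalsIgnoreCase(name))
        digest.uri = value;
    else if ("response".equalsIgnoreCase(name))
        digest.response = value;
}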
Also used : MessageDigest(java.security.MessageDigest) UserIdentity(org.eclipse.jetty.server.UserIdentity) Request(org.eclipse.jetty.server.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Constraint(org.eclipse.jetty.util.security.Constraint) HttpServletRequest(javax.servlet.http.HttpServletRequest) QuotedStringTokenizer(org.eclipse.jetty.util.QuotedStringTokenizer)

Example 13 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project blade by biezhi.

Usage in class FormAuthenticator, method login.

/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object password, ServletRequest request) {
    // Delegate the actual credential check to the parent authenticator.
    UserIdentity identity = super.login(username, password, request);
    if (identity == null)
        return null;
    // On success, cache the authentication in the HTTP session (creating one if needed) so later
    // requests on this session do not need to re-present the form. Note that the password object
    // itself is stored inside the cached SessionAuthentication, so any session store or
    // replication mechanism is holding credential material. NOTE(review): the session id is not
    // renewed here; if fixation protection is applied, it happens in the caller (not visible).
    HttpSession httpSession = ((HttpServletRequest) request).getSession(true);
    Authentication cachedAuth = new SessionAuthentication(getAuthMethod(), identity, password);
    httpSession.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cachedAuth);
    return identity;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Authentication(org.eclipse.jetty.server.Authentication) UserIdentity(org.eclipse.jetty.server.UserIdentity)

Example 14 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project jetty.project by eclipse.

Usage in class FormAuthModule, method tryLogin.

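/**
 * Attempts a FORM login for the given username/password and, on success, caches the resulting
 * authentication in the HTTP session so subsequent requests on the session are pre-authenticated.
 *
 * @param messageInfo the JASPI message info for the current exchange
 * @param clientSubject the subject the login populates with principals and private credentials
 * @param response the current response (unused here; kept for the caller's contract)
 * @param session the HTTP session that receives the cached authentication
 * @param username the submitted user name
 * @param password the submitted password
 * @return {@code true} if the login succeeded, {@code false} otherwise
 * @throws AuthException if the underlying login fails with an authentication error
 * @throws IOException if the underlying login fails with an I/O error
 * @throws UnsupportedCallbackException if the callback handler cannot service a login callback
 */
private boolean tryLogin(MessageInfo messageInfo, Subject clientSubject, HttpServletResponse response, HttpSession session, String username, Password password) throws AuthException, IOException, UnsupportedCallbackException {
    if (!login(clientSubject, username, password, Constraint.__FORM_AUTH, messageInfo))
        return false;
    // The original code materialised password.toString().toCharArray() into an unused local here;
    // that produced a needless plaintext copy of the password and has been removed.
    // A successful login leaves a LoginCallbackImpl and a UserIdentity among the subject's
    // private credentials; the authentication is cached only when both are present.
    Set<LoginCallbackImpl> loginCallbacks = clientSubject.getPrivateCredentials(LoginCallbackImpl.class);
    if (!loginCallbacks.isEmpty()) {
        Set<UserIdentity> userIdentities = clientSubject.getPrivateCredentials(UserIdentity.class);
        if (!userIdentities.isEmpty()) {
            UserIdentity userIdentity = userIdentities.iterator().next();
            // The password object itself is stored in the session alongside the identity, so the
            // session store is holding credential material.
            SessionAuthentication sessionAuth = new SessionAuthentication(Constraint.__FORM_AUTH, userIdentity, password);
            session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, sessionAuth);
        }
    }
    return true;
}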
Also used : LoginCallbackImpl(org.eclipse.jetty.security.authentication.LoginCallbackImpl) UserIdentity(org.eclipse.jetty.server.UserIdentity) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)

Example 15 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project jetty.project by eclipse.

Usage in class PropertyFileLoginModule, method getUserInfo.

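/**
 * Looks up a user in the PropertyUserStore backing this module and converts the stored
 * identity into a {@link UserInfo}.
 *
 * @param userName the user name to look up
 * @return the user's credential and role names, or {@code null} if the store has no such user
 * @throws IllegalStateException if no PropertyUserStore exists for this module's file, or if the
 *         stored identity carries no credential
 * @throws Exception if unable to get the user information
 */
public UserInfo getUserInfo(String userName) throws Exception {
    PropertyUserStore propertyUserStore = _propertyUserStores.get(_filename);
    if (propertyUserStore == null)
        throw new IllegalStateException("PropertyUserStore should never be null here!");
    if (LOG.isDebugEnabled())
        LOG.debug("Checking PropertyUserStore " + _filename + " for " + userName);
    UserIdentity userIdentity = propertyUserStore.getUserIdentity(userName);
    if (userIdentity == null)
        return null;
    //TODO in future versions change the impl of PropertyUserStore so its not
    //storing Subjects etc, just UserInfo
    // Every principal name on the subject is reported as a role. NOTE(review): that presumably
    // includes the user's own principal name; confirm consumers of UserInfo tolerate that.
    Set<Principal> principals = userIdentity.getSubject().getPrincipals();
    List<String> roles = new ArrayList<String>(principals.size());
    for (Principal principal : principals) {
        roles.add(principal.getName());
    }
    // The original code called iterator().next() unguarded, so a store entry without a credential
    // surfaced as a bare NoSuchElementException; fail with a message that names the entry instead.
    Set<Object> privateCredentials = userIdentity.getSubject().getPrivateCredentials();
    if (privateCredentials.isEmpty())
        throw new IllegalStateException("No credential stored for user " + userName + " in PropertyUserStore " + _filename);
    Credential credential = (Credential) privateCredentials.iterator().next();
    if (LOG.isDebugEnabled())
        LOG.debug("Found: " + userName + " in PropertyUserStore " + _filename);
    return new UserInfo(userName, credential, roles);
}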
Also used : PropertyUserStore(org.eclipse.jetty.security.PropertyUserStore) Credential(org.eclipse.jetty.util.security.Credential) UserIdentity(org.eclipse.jetty.server.UserIdentity) ArrayList(java.util.ArrayList) Principal(java.security.Principal)

Aggregations

UserIdentity (org.eclipse.jetty.server.UserIdentity)26 UserAuthentication (org.eclipse.jetty.security.UserAuthentication)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)15 HttpServletResponse (javax.servlet.http.HttpServletResponse)11 ServerAuthException (org.eclipse.jetty.security.ServerAuthException)11 IOException (java.io.IOException)10 Principal (java.security.Principal)7 HttpSession (javax.servlet.http.HttpSession)6 Authentication (org.eclipse.jetty.server.Authentication)6 Constraint (org.eclipse.jetty.util.security.Constraint)6 Subject (javax.security.auth.Subject)4 ServletRequest (javax.servlet.ServletRequest)4 Request (org.eclipse.jetty.server.Request)4 ArrayList (java.util.ArrayList)3 SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication)3 Account (com.zimbra.cs.account.Account)2 KeyStore (java.security.KeyStore)2 MessageDigest (java.security.MessageDigest)2 X509Certificate (java.security.cert.X509Certificate)2 CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)2